Nessus Plugin #15004
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[DSA167] DSA-167-1 kdelibs
- Family: Debian Local Security Checks
- Category: infos
- Copyright: This script is (C) 2004 Michel Arboi
- Summary: DSA-167-1 kdelibs
- Version: $Revision: 1.4 $
- Cve_id: CVE-2002-1151
- Bugtraq_id: -
- Xrefs: DSA:167
- Description:
A cross-site scripting problem has been discovered in Konqueror, a
famous browser for KDE, and in other programs using KHTML. The KDE team
reports that Konqueror's cross-site scripting protection fails to
initialize the domains on sub-(i)frames correctly. As a result,
JavaScript is able to access any foreign subframe which is defined in
the HTML source. Users of Konqueror and other KDE software that uses
the KHTML rendering engine may become victims of cookie stealing and
other cross-site scripting attacks.

This problem has been fixed in version 2.2.2-13.woody.3 for the
current stable distribution (woody) and in version 2.2.2-14 for the
unstable distribution (sid). The old stable distribution (potato) is
not affected since it didn't ship KDE.

We recommend that you upgrade your kdelibs package and restart
Konqueror.
Solution : http://www.debian.org/security/2002/dsa-167
Risk factor : High
Generated on 27.04.2005 at 18:49:54.