Nessus Plugin #16407

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200501-16] Konqueror: Java sandbox vulnerabilities

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2005 Michel Arboi
Summary:
Konqueror: Java sandbox vulnerabilities
Version:
$Revision: 1.1 $
Cve_id:
CAN-2004-1145
Bugtraq_id:
-
Xrefs:
GLSA:200501-16
Description:
The remote host is affected by the vulnerability described in GLSA-200501-16
(Konqueror: Java sandbox vulnerabilities)


Konqueror contains two errors that allow JavaScript scripts and Java
applets to have access to restricted Java classes.

Impact

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command, or access any file with the
rights of the user running Konqueror.

Workaround

There is no known workaround at this time.

References:
http://www.kde.org/info/security/advisory-20041220-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145


Solution:
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs


Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.