Nessus Plugin #16407
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200501-16] Konqueror: Java sandbox vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- Konqueror: Java sandbox vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2004-1145
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200501-16
- Description:
- The remote host is affected by the vulnerability described in GLSA-200501-16
(Konqueror: Java sandbox vulnerabilities)
Konqueror contains two errors that allow JavaScript scripts and Java
applets to have access to restricted Java classes.
Impact
A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command, or access any file with the
rights of the user running Konqueror.
Workaround
There is no known workaround at this time.
References:
http://www.kde.org/info/security/advisory-20041220-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145
Solution:
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.