KDE Konqueror JavaScript IFrame Denial of Service Vulnerability
BID:22814
Info
| Bugtraq ID: | 22814 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-1308 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2007 12:00AM |
| Updated: | Apr 05 2007 04:02AM |
| Credit: | [email protected] is credited with discovering this vulnerability. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.10 sparc; Ubuntu Ubuntu Linux 5.10 powerpc; Ubuntu Ubuntu Linux 5.10 i386; Ubuntu Ubuntu Linux 5.10 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 4.0; KDE kdelibs 3.5.5; KDE KDE 3.5.5; KDE KDE 3.5.4 |
| Not Vulnerable: | |
Discussion
KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation.
An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.
Konqueror included with KDE version 3.5.5 is vulnerable; other versions may also be affected.
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
Please see the referenced advisory for more information.
KDE KDE 3.5.4
- Mandriva kdelibs-3.5.4-19.3mdv2007.0.src.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-3.5.4-19.3mdv2007.0.src.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-arts-3.5.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-arts-3.5.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-common-3.5.4-19.3mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-common-3.5.4-19.3mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-common-3.5.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-devel-doc-3.5.4-19.3mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-devel-doc-3.5.4-19.3mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
- Mandriva kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva lib64kdecore4-3.5.4-19.3mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva lib64kdecore4-3.5.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva lib64kdecore4-devel-3.5.4-19.3mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva lib64kdecore4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64: http://www.mandriva.com/en/download
- Mandriva libkdecore4-3.5.4-19.3mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva libkdecore4-3.5.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
- Mandriva libkdecore4-devel-3.5.4-19.3mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva libkdecore4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0: http://www.mandriva.com/en/download
KDE kdelibs 3.5.5
- Ubuntu kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb
- Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb
- Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb
- Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb
- Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb
- Ubuntu kdelibs_3.5.5-0ubuntu3.1.1_all.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1_all.deb
- Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb
- Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb
- Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb
- Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb
- Ubuntu kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb
- Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb
- Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb
- Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb
- Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb
  Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb
References
References: