BID:25170

KDE Konqueror Assert Denial of Service Vulnerability

Info

KDE Konqueror Assert Denial of Service Vulnerability

Bugtraq ID:	25170
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4229
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Thomas Waldegger is credited with discovering this vulnerability.
Vulnerable:	KDE Konqueror 3.5.7 KDE Konqueror 3.5.5 KDE Konqueror 3.5.2 KDE Konqueror 3.5.1 KDE Konqueror 3.3.2 KDE Konqueror 3.3.1 KDE Konqueror 3.3 KDE Konqueror 3.2.3 KDE Konqueror 3.2.2 -6 KDE Konqueror 3.2.1 KDE Konqueror 3.1.5 KDE Konqueror 3.1.4 KDE Konqueror 3.1.3 KDE Konqueror 3.1.2 + KDE KDE 3.1.2 KDE Konqueror 3.1.1 + KDE KDE 3.1.1 KDE Konqueror 3.1 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.1 KDE Konqueror 3.0.5 b KDE Konqueror 3.0.5 + MandrakeSoft Corporate Server 2.1 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 9.0 KDE Konqueror 3.0.3 + KDE KDE 3.0.3 KDE Konqueror 3.0.2 + KDE KDE 3.0.2 KDE Konqueror 3.0.1 + KDE KDE 3.0.1 KDE Konqueror 3.0 + KDE KDE 3.0 KDE Konqueror 2.2.2 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux Advanced Work Station 2.1 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 KDE Konqueror 2.2.1 KDE Konqueror 2.1.2 KDE Konqueror 2.1.1

Not Vulnerable:

Discussion

KDE Konqueror Assert Denial of Service Vulnerability

KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle improperly formated HTML code.

An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.

Konqueror 3.5.7 and prior versions are reported vulnerable.

Exploit / POC

KDE Konqueror Assert Denial of Service Vulnerability

The following exploit is available:

/data/vulnerabilities/exploits/25170.html

Solution / Fix

KDE Konqueror Assert Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

KDE Konqueror Assert Denial of Service Vulnerability

References:

Konqueror Homepage (KDE)