RHEL 4 / 5 : kdelibs (RHSA-2007:0909)

medium Nessus Plugin ID 26952

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user.
(CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash.
(CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.
(CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

Update the affected kdelibs, kdelibs-apidocs and / or kdelibs-devel packages.

See Also

https://access.redhat.com/security/cve/cve-2007-0242

https://access.redhat.com/security/cve/cve-2007-0537

https://access.redhat.com/security/cve/cve-2007-1308

https://access.redhat.com/security/cve/cve-2007-1564

https://access.redhat.com/security/cve/cve-2007-3820

https://access.redhat.com/security/cve/cve-2007-4224

https://access.redhat.com/errata/RHSA-2007:0909

Plugin Details

Severity: Medium

ID: 26952

File Name: redhat-RHSA-2007-0909.nasl

Version: 1.25

Type: local

Agent: unix

Published: 10/9/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kdelibs, p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs, p-cpe:/a:redhat:enterprise_linux:kdelibs-devel, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.5, cpe:/o:redhat:enterprise_linux:5

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 10/8/2007

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224

CWE: 399, 59, 79

RHSA: 2007:0909