Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:064)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered in Konqueror's cross-site scripting
protection: it fails to initialize the domains on sub-(i)frames
correctly. Because of this, JavaScript may access any foreign subframe
defined in the HTML source, which can be used to steal cookies from
the client and allows other cross-site scripting attacks. This also
affects other KDE software that uses the KHTML rendering engine.

This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE
2.2.2. This patch has been applied to the following packages.

After upgrading kdelibs, you must restart KDE in order for the fix to
work.

See also :

http://www.nessus.org/u?0fd0d083
http://www.kde.org/info/security/advisory-20020908-2.txt

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13965 (mandrake_MDKSA-2002-064.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1151
