FreeBSD : kwebkitpart, kde-runtime -- insufficient input validation (890b6b22-70fa-11e4-91ae-5453ed2e2b49)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Albert Astals Cid reports :

kwebkitpart and the bookmarks:// io slave were not sanitizing input
correctly, allowing some JavaScript to be executed in the context of
the referenced hostname.

Whilst in most cases, the JavaScript will be executed in an untrusted
context, with the bookmarks IO slave, it will be executed in the
context of the referenced hostname. It should however be noted that
KDE mitigates this risk by attempting to ensure that such URLs cannot
be embedded directly into Internet hosted content.

See also :

https://www.kde.org/info/security/advisory-20141113-1.txt
http://www.nessus.org/u?da00e17d

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 79365

Bugtraq ID:

CVE ID: CVE-2014-8600
