RHEL 4 / 5 : kdelibs (RHSA-2007:0909)

Medium Nessus Plugin ID 26952


The remote Red Hat host is missing one or more security updates.


Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in the KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash.

A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall.

Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.


Update the affected kdelibs, kdelibs-apidocs and / or kdelibs-devel packages.

Plugin Details

Severity: Medium

ID: 26952

File Name: redhat-RHSA-2007-0909.nasl

Version: $Revision: 1.18 $

Type: local

Agent: unix

Published: 2007/10/09

Modified: 2016/12/29

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kdelibs, p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs, p-cpe:/a:redhat:enterprise_linux:kdelibs-devel, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.5, cpe:/o:redhat:enterprise_linux:5

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2007/10/08

Vulnerability Publication Date: 2007/01/23

Reference Information

CVE: CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224

OSVDB: 32975, 34084, 34679, 35199, 37242, 37245, 43498, 43499

RHSA: 2007:0909

CWE: 59, 79, 399