[RedHat] Verschiedene Schwachstellen in KDE - RHSA-2004:412-01

win-sec-ssc at dfn-cert.de win-sec-ssc at dfn-cert.de
Tue Oct 5 17:05:33 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes RedHat Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

Die kdelibs sind zentrale Bibliotheken fuer KDE. Viele Anwendungen,
die spezielle Eigenschaften von KDE benutzen, verwenden die kdelibs.

CAN-2004-0689 - Unsichere Verwendung von temporaeren Verzeichnissen in
kdelibs

  Die kdelibs enthalten einen Fehler, durch den symbolische Links unter
  Umstaenden auf nicht mehr existierende temporaere Verzeichnisse
  zeigen. Ein lokaler Angreifer kann dadurch evtl. beliebige Dateien
  kuerzen oder erzeugen bzw. KDE Anwendungen am Start hindern.

CAN-2004-0746 - Fehler in der Handhabung von Cookies in Konqueror

  Der Webbrowser Konqueror erlaubt das Setzen von Cookies fuer bestimmte
  laenderspezifische Top Level Domains. Durch einen Fehler in der
  Handhabung dieser Cookies kann der Konqueror dazu gebracht werden,
  diese Cookies auch an Webserver zu senden, die unterhalb dieser Domain
  arbeiten. So kann ein entfernter Angreifer durch Abfrage dieser
  Cookies (durch Bereitstellen manipulierter Webseiten auf einem solchen
  System) unter Umstaenden an vertrauliche Informationen des Benutzers
  gelangen.

  Um die Schwachstelle ausnutzen zu koennen, muss der Benutzer eine vom
  Angreifer bereitsgestellte Webseite im Konqueror aufrufen. Ferner muss
  das System einen Domain Namen unterhalb der Top Level Domain haben,
  fuer die das Cookie gesetzt wurde.

CAN-2004-0721 - Fehler bei der Handhabung von Frames in Konqueror

  Der Webbrowser Konqueror erlaubt das Einfuegen von Frames in beliebige
  andere, frame-basierten Webseiten, die ein Benutzer geoeffnet hat. Ein
  entfernter Angreifer kann durch Bereitstellen einer manipulierten
  Webseite eigene Frames in einer anderen, im Konqueror geoeffneten
  Webseite einschleusen.

  Eine Moeglichkeit, diese Schwachstelle auszunutzen, wäre vertrauliche
  Informationen in diesem eingeschleusten Frame abzufragen, die dann an
  den Angreifer gesendet werden koennten.

  Um die Schwachstelle ausnutzen zu koennen, muss der Benutzer eine vom
  Angreifer bereitsgestellte Webseite im Konqueror aufrufen.


Betroffen sind die folgenden Software Pakete und Plattformen:

  Pakete arts, kdelibs, kdelibs-devel, kdelibs-sound und
  kdelibs-sound-devel in

  Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
  Red Hat Linux Advanced Workstation 2.1 - ia64
  Red Hat Enterprise Linux ES version 2.1 - i386
  Red Hat Enterprise Linux WS version 2.1 - i386
  Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x,
  x86_64
  Red Hat Desktop version 3 - i386, x86_64
  Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
  Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,

	Marco Thorbruegge, DFN-CERT

- -- 
Marco Thorbruegge (CSIRT), DFN-CERT Services GmbH
Web: https://www.dfn-cert.de/, Phone: +49-40-808077-555
PGP RSA/2048, AE662425, 7E5C A77A F91D 63D1 02AB 9526 53FF F1A0

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kdelibs and kdebase packages correct security issues
Advisory ID:       RHSA-2004:412-01
Issue date:        2004-10-04
Updated on:        2004-10-04
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0689 CAN-2004-0746 CAN-2004-0721
- - ---------------------------------------------------------------------

1. Summary:

Updated kdelib and kdebase packages that resolve multiple security issues
are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment.
The kdebase packages include core applications for the K Desktop Environment.

Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create
temporary directories with predictable names.  A local attacker could
prevent KDE applications from functioning correctly, or overwrite files
owned by other users by creating malicious symlinks.  The Common
Vulnerabilities and Exposures project has assigned the name CAN-2004-0689
to this issue.

WESTPOINT internet reconnaissance services has discovered that the KDE web
browser Konqueror allows websites to set cookies for certain country
specific secondary top level domains.  An attacker within one of the
affected domains could construct a cookie which would be sent to all other
websites within the domain leading to a session fixation attack.  This
issue does not affect popular domains such as .co.uk, .co.in, or .com.  The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-0721 to this issue.

A frame injection spoofing vulnerability has been discovered in the
Konqueror web browser.  This issue could allow a malicious website to show
arbitrary content in a named frame of a different browser window.  The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-0746 to this issue.

All users of KDE are advised to upgrade to these erratum packages,
which contain backported patches from the KDE team for these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

128693 - CAN-2004-0689 Predictable temporary filenames
128462 - CAN-2004-0721 Konqueror frame injection spoofing

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm
34cd7c8777facff45a8e5eeed312b3b4  kdelibs-2.2.2-13.src.rpm

i386:
2b9a999a24dd42549fac4e39790b8c17  arts-2.2.2-13.i386.rpm
d6aebf57668023cb684b81236c32ce71  kdelibs-2.2.2-13.i386.rpm
20114a97ed08c90c3ecd41d1b462b6bf  kdelibs-devel-2.2.2-13.i386.rpm
5ca2b715621e0cdec5e3cfc647739d3f  kdelibs-sound-2.2.2-13.i386.rpm
65522ae63db9a60ec3b021099fa267ed  kdelibs-sound-devel-2.2.2-13.i386.rpm

ia64:
198791b6c87c082383e8824f744a8c41  arts-2.2.2-13.ia64.rpm
f0c10dff06590e9b3d4470a4f8b1f624  kdelibs-2.2.2-13.ia64.rpm
f8c9cebea143dcf5450cd8ca0105d724  kdelibs-devel-2.2.2-13.ia64.rpm
e2218bf3c2da78612dcaf84775f2b940  kdelibs-sound-2.2.2-13.ia64.rpm
2172bffd9baeb6ba3919c9510a8f8c61  kdelibs-sound-devel-2.2.2-13.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdebase-2.2.2-12.src.rpm
1b2d27e8c9b4fbcc6f14b8b5d8f211de  kdebase-2.2.2-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm
34cd7c8777facff45a8e5eeed312b3b4  kdelibs-2.2.2-13.src.rpm

ia64:
198791b6c87c082383e8824f744a8c41  arts-2.2.2-13.ia64.rpm
95e7fac336a7858e13eb38f47ae5f135  kdebase-2.2.2-12.ia64.rpm
36592e521a13904f8c4c0f5341d39f95  kdebase-devel-2.2.2-12.ia64.rpm
f0c10dff06590e9b3d4470a4f8b1f624  kdelibs-2.2.2-13.ia64.rpm
f8c9cebea143dcf5450cd8ca0105d724  kdelibs-devel-2.2.2-13.ia64.rpm
e2218bf3c2da78612dcaf84775f2b940  kdelibs-sound-2.2.2-13.ia64.rpm
2172bffd9baeb6ba3919c9510a8f8c61  kdelibs-sound-devel-2.2.2-13.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdebase-2.2.2-12.src.rpm
1b2d27e8c9b4fbcc6f14b8b5d8f211de  kdebase-2.2.2-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm
34cd7c8777facff45a8e5eeed312b3b4  kdelibs-2.2.2-13.src.rpm

i386:
2b9a999a24dd42549fac4e39790b8c17  arts-2.2.2-13.i386.rpm
2e4e89ab276d4783fca6effbb86abd45  kdebase-2.2.2-12.i386.rpm
3b7bdc19f63b066f030b02de2fd36fe6  kdebase-devel-2.2.2-12.i386.rpm
d6aebf57668023cb684b81236c32ce71  kdelibs-2.2.2-13.i386.rpm
20114a97ed08c90c3ecd41d1b462b6bf  kdelibs-devel-2.2.2-13.i386.rpm
5ca2b715621e0cdec5e3cfc647739d3f  kdelibs-sound-2.2.2-13.i386.rpm
65522ae63db9a60ec3b021099fa267ed  kdelibs-sound-devel-2.2.2-13.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdebase-2.2.2-12.src.rpm
1b2d27e8c9b4fbcc6f14b8b5d8f211de  kdebase-2.2.2-12.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm
34cd7c8777facff45a8e5eeed312b3b4  kdelibs-2.2.2-13.src.rpm

i386:
2b9a999a24dd42549fac4e39790b8c17  arts-2.2.2-13.i386.rpm
2e4e89ab276d4783fca6effbb86abd45  kdebase-2.2.2-12.i386.rpm
3b7bdc19f63b066f030b02de2fd36fe6  kdebase-devel-2.2.2-12.i386.rpm
d6aebf57668023cb684b81236c32ce71  kdelibs-2.2.2-13.i386.rpm
20114a97ed08c90c3ecd41d1b462b6bf  kdelibs-devel-2.2.2-13.i386.rpm
5ca2b715621e0cdec5e3cfc647739d3f  kdelibs-sound-2.2.2-13.i386.rpm
65522ae63db9a60ec3b021099fa267ed  kdelibs-sound-devel-2.2.2-13.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm
e4d4e63c66ce9c682c85dc250e1e679d  kdebase-3.1.3-5.4.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm
135f069e313d3cbf6483e08711958ee3  kdelibs-3.1.3-6.6.src.rpm

i386:
6d952551a98d11f296032defd42392bc  kdebase-3.1.3-5.4.i386.rpm
2693da75dd6670f631dab884775881cc  kdebase-devel-3.1.3-5.4.i386.rpm
266c7d206975aaaeddf4a611674e866e  kdelibs-3.1.3-6.6.i386.rpm
bafda78112a389994916b0b0ced83ee2  kdelibs-devel-3.1.3-6.6.i386.rpm

ia64:
841744faecd1ee54f3790a123395e999  kdebase-3.1.3-5.4.ia64.rpm
ad4280e59a322ebda1801b5624a6bd2a  kdebase-devel-3.1.3-5.4.ia64.rpm
f939dede59e2b87af5f8d32fb41bd7f2  kdelibs-3.1.3-6.6.ia64.rpm
0ea7d0872f7b9aaec7343fab3214791e  kdelibs-devel-3.1.3-6.6.ia64.rpm

ppc:
e658798e8a2b5b7e1c63261f4e401a0c  kdebase-3.1.3-5.4.ppc.rpm
9fe876d61e6cbee4450eb1790d666b88  kdebase-devel-3.1.3-5.4.ppc.rpm
478bbcde19aa9dfd6047d775b9b3fd97  kdelibs-3.1.3-6.6.ppc.rpm
d74c96bbdc599a943a0d73015487f1de  kdelibs-devel-3.1.3-6.6.ppc.rpm

s390:
62c50a1e7fa5950240cb2df7821a2cc1  kdebase-3.1.3-5.4.s390.rpm
6c19f7ec956aa49f2f5a2d425bd93da1  kdebase-devel-3.1.3-5.4.s390.rpm
c41cb46b8353ab23344901df9eb7d813  kdelibs-3.1.3-6.6.s390.rpm
e0fd226e4c616aa6f661184f837cbf26  kdelibs-devel-3.1.3-6.6.s390.rpm

s390x:
59899ed9813ae1b6f23756f600322a86  kdebase-3.1.3-5.4.s390x.rpm
075a689d597dc89b3afea95cb16c7c69  kdebase-devel-3.1.3-5.4.s390x.rpm
759d0d56fb3837b3bbca0bf74c6edd9a  kdelibs-3.1.3-6.6.s390x.rpm
8b26c56fcaa2bfa353a23ed80cf0de87  kdelibs-devel-3.1.3-6.6.s390x.rpm

x86_64:
272944753852fad10e47b9aad38af42a  kdebase-3.1.3-5.4.x86_64.rpm
a9473976663eeecc906887e1c2dcfcb8  kdebase-devel-3.1.3-5.4.x86_64.rpm
57fb61c68d0aeca7b998d36cd6597541  kdelibs-3.1.3-6.6.x86_64.rpm
1b75fa2f076385cd5d9f0d977a921c03  kdelibs-devel-3.1.3-6.6.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm
e4d4e63c66ce9c682c85dc250e1e679d  kdebase-3.1.3-5.4.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm
135f069e313d3cbf6483e08711958ee3  kdelibs-3.1.3-6.6.src.rpm

i386:
6d952551a98d11f296032defd42392bc  kdebase-3.1.3-5.4.i386.rpm
2693da75dd6670f631dab884775881cc  kdebase-devel-3.1.3-5.4.i386.rpm
266c7d206975aaaeddf4a611674e866e  kdelibs-3.1.3-6.6.i386.rpm
bafda78112a389994916b0b0ced83ee2  kdelibs-devel-3.1.3-6.6.i386.rpm

x86_64:
272944753852fad10e47b9aad38af42a  kdebase-3.1.3-5.4.x86_64.rpm
a9473976663eeecc906887e1c2dcfcb8  kdebase-devel-3.1.3-5.4.x86_64.rpm
57fb61c68d0aeca7b998d36cd6597541  kdelibs-3.1.3-6.6.x86_64.rpm
1b75fa2f076385cd5d9f0d977a921c03  kdelibs-devel-3.1.3-6.6.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm
e4d4e63c66ce9c682c85dc250e1e679d  kdebase-3.1.3-5.4.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm
135f069e313d3cbf6483e08711958ee3  kdelibs-3.1.3-6.6.src.rpm

i386:
6d952551a98d11f296032defd42392bc  kdebase-3.1.3-5.4.i386.rpm
2693da75dd6670f631dab884775881cc  kdebase-devel-3.1.3-5.4.i386.rpm
266c7d206975aaaeddf4a611674e866e  kdelibs-3.1.3-6.6.i386.rpm
bafda78112a389994916b0b0ced83ee2  kdelibs-devel-3.1.3-6.6.i386.rpm

ia64:
841744faecd1ee54f3790a123395e999  kdebase-3.1.3-5.4.ia64.rpm
ad4280e59a322ebda1801b5624a6bd2a  kdebase-devel-3.1.3-5.4.ia64.rpm
f939dede59e2b87af5f8d32fb41bd7f2  kdelibs-3.1.3-6.6.ia64.rpm
0ea7d0872f7b9aaec7343fab3214791e  kdelibs-devel-3.1.3-6.6.ia64.rpm

x86_64:
272944753852fad10e47b9aad38af42a  kdebase-3.1.3-5.4.x86_64.rpm
a9473976663eeecc906887e1c2dcfcb8  kdebase-devel-3.1.3-5.4.x86_64.rpm
57fb61c68d0aeca7b998d36cd6597541  kdelibs-3.1.3-6.6.x86_64.rpm
1b75fa2f076385cd5d9f0d977a921c03  kdelibs-devel-3.1.3-6.6.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm
e4d4e63c66ce9c682c85dc250e1e679d  kdebase-3.1.3-5.4.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm
135f069e313d3cbf6483e08711958ee3  kdelibs-3.1.3-6.6.src.rpm

i386:
6d952551a98d11f296032defd42392bc  kdebase-3.1.3-5.4.i386.rpm
2693da75dd6670f631dab884775881cc  kdebase-devel-3.1.3-5.4.i386.rpm
266c7d206975aaaeddf4a611674e866e  kdelibs-3.1.3-6.6.i386.rpm
bafda78112a389994916b0b0ced83ee2  kdelibs-devel-3.1.3-6.6.i386.rpm

ia64:
841744faecd1ee54f3790a123395e999  kdebase-3.1.3-5.4.ia64.rpm
ad4280e59a322ebda1801b5624a6bd2a  kdebase-devel-3.1.3-5.4.ia64.rpm
f939dede59e2b87af5f8d32fb41bd7f2  kdelibs-3.1.3-6.6.ia64.rpm
0ea7d0872f7b9aaec7343fab3214791e  kdelibs-devel-3.1.3-6.6.ia64.rpm

x86_64:
272944753852fad10e47b9aad38af42a  kdebase-3.1.3-5.4.x86_64.rpm
a9473976663eeecc906887e1c2dcfcb8  kdebase-devel-3.1.3-5.4.x86_64.rpm
57fb61c68d0aeca7b998d36cd6597541  kdelibs-3.1.3-6.6.x86_64.rpm
1b75fa2f076385cd5d9f0d977a921c03  kdelibs-devel-3.1.3-6.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBYW78XlSAg2UNWIIRAkkiAJ9iuKmNQs5GZQ7+wfwucIs3wNQSYgCgmYal
4Boz0IrYVs6TlcZnARA+tvg=
=5kp7
- -----END PGP SIGNATURE-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBQWK3Y3sh3gGuZiQlAQGYCQf+K5XjTHD6YQF9RmsulSL6w3Srvs+SEmzw
nQTGl91nmidnZ70vqx0buE1Kk4isHpJHmvxpdseSGn2YihmwKJNGW8hWmgkkikS0
FKBwIG+YLvEXx14pqRN0/0b5UVHArSOhFBmgrbhUm/dymYkoakSwEvIH8h/pzyln
GWZ7eJM15t0SMylo+mF1QyTSR1rX7FPYeyqWsAoakuvhWQIIiSnWQmpce2AO1kEc
ZavUCxhohQ4/jL8mbUgZNGUk/zSlem6cn1FHUpM3404BLi9a58poIApinbQIpKOl
aW8wzNbhmYT7xOGIkXeUOEHt3HWtIsHW5t7R95KfyuoYzZHte+ROtw==
=szx6
-----END PGP SIGNATURE-----




More information about the Security-Announce mailing list