Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA167] DSA-167-1 kdelibs Vulnerability Scan

Vulnerability Scan Summary
DSA-167-1 kdelibs

Detailed Explanation for this Vulnerability Test

A cross site scripting problem has been discovered in Konqueror, a
famous browser for KDE and other programs using KHTML. The KDE team
that Konqueror's cross site scripting protection fails to
initialize the domains on sub-(i)frames correctly. As a result,
JavaScript is able to access any foreign subframe which is defined in
the HTML source. Users of Konqueror and other KDE software that uses
the KHTML rendering engine may become victim of a cookie stealing and
other cross site scripting attacks.
This problem has been fixed in version 2.2.2-13.woody.3 for the
current stable distribution (woody) and in version 2.2.2-14 for the
unstable distribution (sid). The old stable distribution (potato) is
not affected since it didn't ship KDE.
We recommend that you upgrade your kdelibs package and restart

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.