Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2004:150: kdelibs Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the kdelibs package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:150 (kdelibs).

Daniel Fabian discovered a potential privacy issue in KDE. When creating a link
to a remote file from various applications, including Konqueror, the resulting
URL may contain the authentication credentials used to access that remote
resource. This includes, but is not limited to, browsing SMB (Samba) shares.
Upon further investigation, it was found that the SMB protocol handler also
unnecessarily exposed authentication credentials (CVE-2004-1171).

Another vulnerability was discovered where a malicious website could abuse
Konqueror to load its own content into a window or tab that was opened by a
trusted website, or it could trick a trusted website into loading content into
an existing window or tab. This could lead to the user being confused as to the
origin of a particular webpage and could have the user unknowingly send
confidential information intended for a trusted site to the malicious site

The updated packages contain a patch from the KDE team to solve this issue.

Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain
numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0
that are required to build the kdebase package.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.