|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-16] Konqueror: Java sandbox vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Konqueror: Java sandbox vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-16
(Konqueror: Java sandbox vulnerabilities)
Konqueror contains two errors that allow JavaScript scripts and Java
applets to have access to restricted Java classes.
Impact
A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command, or access any file with the
rights of the user running Konqueror.
Workaround
There is no known workaround at this time.
References:
http://www.kde.org/info/security/advisory-20041220-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1145
Solution:
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
