Turbolinux Local Security Tests : Turbolinux TLSA-2003-45 (kdelibs)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52952

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-45 (kdelibs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to kdelibs
announced via advisory TLSA-2003-45.

Kdelibs are main libraries for the K Desktop Environment.
Konqueror may inadvertently send authentication credentials to
websites other than the intended website in clear text via the HTTP-referer
header when authentication credentials are passed as part of a URL in the
form of http://user:password@host/

Users of Konqueror may unknowingly distribute website
authentication credentials to third parties with links on the password
protected website. This may make it possible for those third parties to
gain unauthorized access to the password protected website.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-45

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0459
Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) (Google Search)
http://marc.info/?l=bugtraq&m=105986238428061&w=2
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-361 (Google Search)
http://www.debian.org/security/2003/dsa-361
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
TurboLinux Advisory: TLSA-2003-45
http://www.turbolinux.com/security/TLSA-2003-45.txt

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52952
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-45 (kdelibs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdelibs announced via advisory TLSA-2003-45. Kdelibs are main libraries for the K Desktop Environment. Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form of http://user:password@host/ Users of Konqueror may unknowingly distribute website authentication credentials to third parties with links on the password protected website. This may make it possible for those third parties to gain unauthorized access to the password protected website. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-45 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0459 Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) (Google Search) http://marc.info/?l=bugtraq&m=105986238428061&w=2 Conectiva Linux advisory: CLA-2003:747 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 Debian Security Information: DSA-361 (Google Search) http://www.debian.org/security/2003/dsa-361 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411 http://www.redhat.com/support/errata/RHSA-2003-235.html http://www.redhat.com/support/errata/RHSA-2003-236.html TurboLinux Advisory: TLSA-2003-45 http://www.turbolinux.com/security/TLSA-2003-45.txt
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com