12-21-2004, 02:39 PM   #1
KDE Security Advisory: Konqueror Java Vulnerability

When I was searching for a new version of KDE I found this at the KDE Security link:

KDE Security Advisory: Konqueror Java Vulnerability
Original Release Date: 2004-12-20

0. References

1. Systems affected:

All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not

2. Overview:

Two flaws in the Konqueror web browser make it possible to bypass
the sandbox environment which is used to run Java-applets.
One flaw allows access to restricted Java classes via JavaScript,
making it possible to escalate the privileges of the Java-applet.
The other problem is that Konqueror fails to correctly restrict
access to certain Java classes from the Java-applet itself.

The Common Vulnerabilities and Exposures project (
has assigned the name CAN-2004-1145 to this issue.

3. Impact:

When a user has Java enabled in Konqueror and visits a malicious
website, the website can run a Java-applet and obtain escalated
privileges allowing reading and writing of arbitrary files with
the privileges of the user.

4. Solution:

Upgrade to KDE 3.3.2

A backport has been made available for older versions which fixes
this vulnerability. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.

5. Patch:

For KDE 3.2.3 a backport of the new Java handling is available from :

7fc001d010c640738ed7d2fe347f002d post-3.2.3-kdelibs-khtml-java.tar.bz2

6. Time line and credits:

24/11/2004 contacted by heise Security
29/11/2004 Fixed in KDE CVS by Koos Vriezen
14/12/2004 Backport for KDE 3.2.3
20/12/2004 KDE Advisory released


