KDE: 2 Konqueror vulnerabilities

[problemchild]

The KDE project has released two security advisories for the popular Konqueror web browser. The advisories cover a cross-site scripting vulnerability and secure cookie handling.

KDE Security Advisory: Secure Cookie Vulnerability Original Release Date: 2002-09-08
URL: http://www.kde.org/info/security/adv...20020908-1.txt

0. References
None.

1. Systems affected:
Konqueror in KDE 3.0, KDE 3.0.1 and KDE 3.0.2.
KDE 2.2.2 and KDE 3.0.3 are NOT affected.

2. Overview:
Konqueror fails to detect the "secure" flag in HTTP cookies and as a result may send secure cookies back to the originating site over an unencrypted network connection.

3. Impact:
A secure session that relies solely on secure cookies for identifying the session can possibly be hijacked, or an account
which relies solely on secure cookies for logging on may be compromised, by an attacker who manages to eavesdrop on the unencrypted network connection.

4. Solution:
Upgrade to KDE 3.0.3 in which this problem is fixed or apply the patch below.

5. Patch:
A patch for KDE 3.0, KDE 3.0.1 and KDE 3.0.2 is available from ftp://ftp.kde.org/pub/kde/security_patches :

KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability Original Release Date: 2002-09-08
URL: http://www.kde.org/info/security/adv...20020908-2.txt

0. References
http://online.securityfocus.com/arch...3/2002-09-09/0

1. Systems affected:

KDE 2.2.2
KDE 3.0 - 3.0.3

2. Overview:

Konqueror's cross Site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, Javascript can access any foreign subframe which is defined in the HTML source.

3. Impact:

Users of Konqueror and other KDE software that uses the KHTML rendering engine may fall victim of a cookie stealing and other cross site scripting attacks.

4. Solution:

Apply the appended patch to kdelibs, update to the kdelibs-3.0.3a or, as a workaround, disable Javascript or cookies.

kdelibs-3.0.3a can be downloaded from
http://download.kde.org/stable/3.0.3 :

02627f595af113f7d544561a7ff6ec85 kdelibs-3.0.3a.tar.bz2


5. Patch:

A patch for KDE 3.0.3 is available from

ftp://ftp.kde.org/pub/kde/security_patches :

523b2fb677310792cbb04861f358d08d post-3.0.3-kdelibs-khtml.diff

A patch for KDE 2.2.2 is available from

ftp://ftp.kde.org/pub/kde/security_patches :

b0b23c3caa062c60375a1160418a2810 post-2.2.2-kdelibs-khtml.diff