New Search

Konqueror URI Handler "-" Filter Vulnerability

oval:org.mitre.oval:def:954

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet (2) rlogin (3) ssh or (4) mailto URI which allows remote attackers to manipulate the options that are passed to the associated programs possibly to read arbitrary files or execute arbitrary code.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2004-0411
Product(s):