Bug 64421 (CVE-2004-1145)

Summary: VUL-0: CVE-2004-1145: KDE Security Advisory: Konqueror Java
Product: [Novell Products] SUSE Security Incidents Reporter: Waldo Bastian <bastian>
Component: IncidentsAssignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-1145: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Waldo Bastian 2004-12-21 00:22:54 UTC 
KDE Security Advisory: Konqueror Java Vulnerability 
Original Release Date: 2004-12-20 
URL: http://www.kde.org/info/security/advisory-20041220-1.txt 
 
0. References 
 
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145 
        http://www.heise.de/security/dienste/browsercheck/tests/java.shtml 
 
1. Systems affected: 
 
        All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not 
        affected. 
 
 
2. Overview: 
 
        Two flaws in the Konqueror webbrowser make it possible to by pass 
        the sandbox environment which is used to run Java-applets. 
        One flaw allows access to restricted Java classes via JavaScript, 
        making it possible to escalate the privileges of the Java-applet. 
        The other problem is that Konqueror fails to correctly restrict 
        access to certain Java classes from the Java-applet itself. 
 
        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-1145 to this issue. 
 
 
3. Impact: 
 
        When a user has Java enabled in Konqueror and visits a malicious 
        website, the website can run a Java-applet and obtain escalated 
        privileges allowing reading and writing of arbitrary files with 
        the privileges of the user. 
 
 
4. Solution: 
 
        Upgrade to KDE 3.3.2 
 
        A backport has been made available for older versions which fixes 
        this vulnerability. Contact your OS vendor / binary package provider 
        for information about how to obtain updated binary packages. 
 
 
5. Patch: 
 
        For KDE 3.2.3 a backport of the new Java handling is available from 
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
  7fc001d010c640738ed7d2fe347f002d  post-3.2.3-kdelibs-khtml-java.tar.bz2 
 
 
6. Time line and credits: 
 
        24/11/2004 security@kde.org contacted by heise Security 
        29/11/2004 Fixed in KDE CVS by Koos Vriezen 
        14/12/2004 Backport for KDE 3.2.3 
        20/12/2004 KDE Advisory released
Comment 1 Waldo Bastian 2004-12-21 00:22:55 UTC 
<!-- SBZ_reproduce  -->
See http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
Comment 2 Marcus Meissner 2005-01-03 18:55:01 UTC 
SWAMPID: 96 
 
(for use in patchinfo files)
Comment 3 Adrian Schröter 2005-01-05 18:08:47 UTC 
packages and patch info files are submitted.
Comment 4 Marcus Meissner 2005-01-27 17:02:52 UTC 
packages approved
Comment 5 Thomas Biege 2009-10-13 20:07:45 UTC 
CVE-2004-1145: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)