CAN-2005-0404: HTML content spoofing
Bug #16325 reported by Debian Bug Importer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
KDE PIM | Fix Released | Medium | | |
kdepim (Debian) | Fix Released | Unknown | | |
kdepim (Ubuntu) | Fix Released | Medium | Jonathan Riddell | |
Bug Description
Automatically imported from Debian bug report #305601 http://
CVE References
Changed in kdepim: status: New → Fix Released
Changed in kdepim: importance: Unknown → Medium
Changed in kdepim (Debian): status: Confirmed → Fix Released
Message-Id: <email address hidden>
Date: Thu, 21 Apr 2005 10:34:51 +1000
From: "Geoff Crompton" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0404: serious content spoofing vulnerability
Package: kmail
Severity: grave
Justification: user security hole
For more information see: www.securityfocus.com/bid/13085
http://
In summary:
> A remote email message content spoofing vulnerability affects KDE
> KMail. This issue is due to a failure of the application to properly
> sanitize HTML email messages.
> An attacker may leverage this issue to spoof email content and various
> header fields of email messages. This may aid an attacker in
> conducting phishing and social engineering attacks by spoofing PGP
> keys as well as other critical information.
Securityfocus lists 3.3.2 as vulnerable, which is currently in Sarge and
Sid. No idea if it would affect 2.2.2 which is in Woody.
See KDE bug 96020.
Workaround is to disable HTML email.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)