Launchpad CVE tracker

CVE 2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Related bugs and status

CVE-2004-1165 (Candidate) is related to these bugs:

Bug #11326: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability

Summary				In	Importance	Status
	11326	kdelibs: CAN-2004-1145: Konqueror Java Vulnerability		kdelibs (Ubuntu)	High	Fix Released
	11326	kdelibs: CAN-2004-1145: Konqueror Java Vulnerability		kdelibs (Debian)	Unknown	Fix Released

Bug #11467: KIOSlave FTP client can be made to send email

Summary				In	Importance	Status
	11467	KIOSlave FTP client can be made to send email		kdelibs (Ubuntu)	High	Invalid
	11467	KIOSlave FTP client can be made to send email		kdelibs (Debian)	Unknown	Fix Released

Bug #11565: CAN-2004-1165: FTP command injection bug

Summary				In	Importance	Status
	11565	CAN-2004-1165: FTP command injection bug		kdelibs (Ubuntu)	High	Fix Released
	11565	CAN-2004-1165: FTP command injection bug		kdelibs (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2004-1165

References