Message-ID: <email address hidden>
Date: Sat, 25 Dec 2004 14:00:01 -0500
From: Ian Gulliver <email address hidden>
To: <email address hidden>
Subject: KIOSlave FTP client can be made to send email
Package: kdelibs
Version: 3.2.3-2
Severity: grave
The KIOSlave FTP client is vulnerable to the same exploit as Internet
Explorer:
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030229.html
Anything that can pass an FTP URL to it, i.e. a malicious website viewed
in Konqueror, can cause it to send mail without user interaction. A
proposed, untested patch is attached.
-- 
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."
Attachment: kdelibs-3.2.3-ftp-fixed.patch
--- kdelibs- 3.2.3/kioslave/ ftp/ftp. cc 2004-02-15 16:15:27.000000000 -0500 3.2.3-ftp- fixed/kioslave/ ftp/ftp. cc 2004-12-25 00:44:27.0000000=
+++ kdelibs-
00 -0500
@@ -652,6 +652,9 @@
{
assert( sControl > 0 );
=20
+ if (cmd.find('\r') !=3D -1 || cmd.find('\n') !=3D -1)
+ return false;
+
QCString buf =3D cmd;
buf +=3D "\r\n";
=20
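Review bot: The new CR/LF check ahead of "QCString buf = cmd;" rejects the command with a bare "return false", which a caller cannot tell apart from any other failure of this function, and nothing records that a command was refused. The check sits directly before the "\r\n" terminator is appended, which is the right place for it, but it needs a comment saying why embedded line breaks are refused (each one would begin a further command on the control connection) and a warning emitted before returning, so that rejected URLs are visible when debugging. The message describes the patch as untested, so it should also be confirmed that callers treat this false result as a hard error instead of retrying the same command.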