Comment 1 for bug 11467

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 25 Dec 2004 14:00:01 -0500
From: Ian Gulliver <email address hidden>
To: <email address hidden>
Subject: KIOSlave FTP client can be made to send email

--ieNMXl1Fr3cevapt
Content-Type: multipart/mixed; boundary="CblX+4bnyfN0pR09"
Content-Disposition: inline

--CblX+4bnyfN0pR09
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: kdelibs
Version: 3.2.3-2
Severity: grave

The KIOSlave FTP client is vulnerable to the same exploit as Internet
Explorer:

http://lists.netsys.com/pipermail/full-disclosure/2004-December/030229.html

Anything that can pass an FTP URL to it, i.e. a malicious website viewed
in Konqueror, can cause it to send mail without user interaction. A
proposed, untested patch is attached.

-- 
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."

--CblX+4bnyfN0pR09
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="kdelibs-3.2.3-ftp-fixed.patch"
Content-Transfer-Encoding: quoted-printable

--- kdelibs-3.2.3/kioslave/ftp/ftp.cc 2004-02-15 16:15:27.000000000 -0500
+++ kdelibs-3.2.3-ftp-fixed/kioslave/ftp/ftp.cc 2004-12-25 00:44:27.0000000=
00 -0500
@@ -652,6 +652,9 @@
 {
   assert( sControl > 0 );
=20
+ if (cmd.find('\r') !=3D -1 || cmd.find('\n') !=3D -1)
+ return false;
+
   QCString buf =3D cmd;
   buf +=3D "\r\n";
=20
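
Review bot: The added check just after the assert returns false with nothing reported, so the caller only sees false and cannot tell that the command was rejected for containing '\r' or '\n'; consider emitting a debug message or setting an error before `return false;`. The two added lines are indented differently from the surrounding two-space style, and `return false;` should sit one level under the `if`. The submitter describes the patch as untested, so it should be exercised against an FTP URL carrying an encoded line break before it is applied.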

--CblX+4bnyfN0pR09--

--ieNMXl1Fr3cevapt--
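
The check proposed in the report, as an added stand-alone example (not part of the report, the attached patch or kdelibs): it uses standard C++ instead of Qt's QCString, and every function name is hypothetical. It goes slightly beyond the patch by assuming the CR/LF arrives percent-encoded in the URL path, so it decodes before validating.

```cpp
// Added example: standard C++ only, not KDE/Qt code. All function names are hypothetical.
#include <cctype>
#include <string>

static int hexValue(unsigned char c) {
    if (std::isdigit(c)) return c - '0';
    if (std::isxdigit(c)) return std::tolower(c) - 'a' + 10;
    return -1;
}

// Decode %XX escapes in a URL path. Returns false on a malformed or truncated escape.
bool percentDecode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;
        int hi = hexValue(in[i + 1]), lo = hexValue(in[i + 2]);
        if (hi < 0 || lo < 0) return false;
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}

// Build one control-channel line "VERB arg\r\n". CR or LF inside the argument would end
// the line early, so the server would read the remainder as further commands.
bool buildFtpCommand(const std::string& verb, const std::string& arg, std::string& line) {
    if (arg.find_first_of("\r\n") != std::string::npos) return false;
    line = verb + " " + arg + "\r\n";
    return true;
}

// Decode first, then validate: checking only the raw URL would miss %0D%0A.
// Returns the command line, or an empty string when the path is refused.
std::string commandForUrlPath(const std::string& verb, const std::string& rawPath) {
    std::string decoded, line;
    if (!percentDecode(rawPath, decoded) || !buildFtpCommand(verb, decoded, line))
        return "";
    return line;
}

int main() {
    // Constructed inputs: the second carries an encoded CRLF and must be refused.
    bool ok = commandForUrlPath("RETR", "pub/readme.txt") == "RETR pub/readme.txt\r\n";
    bool refused = commandForUrlPath("RETR", "pub/a%0D%0ANOOP").empty();
    return (ok && refused) ? 0 : 1;
}
```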