authorJacques Vidrine <nectar@FreeBSD.org>2004-08-26 20:15:22 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-08-26 20:15:22 +0000
commit80e7374bc1be6d42e8441a750cf41f147e483ed7 (patch)
tree033d4da28957b4ebfd6307e0489696da7bee7b23
parented2a69bb0e79b031bfbc2c6814f230cd04215826 (diff)
Notes
-rw-r--r--ports-mgmt/portaudit-db/database/portaudit.txt1
-rw-r--r--security/portaudit-db/database/portaudit.txt1
-rw-r--r--security/vuxml/vuln.xml45
3 files changed, 45 insertions, 2 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index 21b37bc9b40b..f83512e22173 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -69,6 +69,5 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://
gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
-kdelibs<3.2.3_3|http://www.kde.org/info/security/advisory-20040823-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 http://www.osvdb.org/9117 http://secunia.com/advisories/12341|Konqueror cross-domain cookie injection|2797b27a-f55b-11d8-81b0-000347a4fa7d
{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
nss<3.9.2|http://xforce.iss.net/xforce/alerts/id/180 http://secunia.com/advisories/12362 http://www.osvdb.org/9116|Netscape network security services (NSS) library SSL remote buffer overflow|207f8ff3-f697-11d8-81b0-000347a4fa7d
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index 21b37bc9b40b..f83512e22173 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -69,6 +69,5 @@ phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://
gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html http://xforce.iss.net/xforce/xfdb/17021 http://www.osvdb.org/9019 http://secunia.com/advisories/12316|Gallery arbitrary PHP file upload|031663de-f0a6-11d8-81b0-000347a4fa7d
apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
-kdelibs<3.2.3_3|http://www.kde.org/info/security/advisory-20040823-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 http://www.osvdb.org/9117 http://secunia.com/advisories/12341|Konqueror cross-domain cookie injection|2797b27a-f55b-11d8-81b0-000347a4fa7d
{ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
nss<3.9.2|http://xforce.iss.net/xforce/alerts/id/180 http://secunia.com/advisories/12362 http://www.osvdb.org/9116|Netscape network security services (NSS) library SSL remote buffer overflow|207f8ff3-f697-11d8-81b0-000347a4fa7d
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a93a5230d19e..b7148b326fd8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,51 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2797b27a-f55b-11d8-81b0-000347a4fa7d">
+ <topic>kdelibs -- konqueror cross-domain cookie injection</topic>
+ <affects>
+ <package>
+ <name>kdelibs</name>
+ <range><lt>3.2.3_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>According to a KDE Security Advisory:</p>
+ <blockquote cite="http://www.kde.org/info/security/advisory-20040823-1.txt">
+ <p>WESTPOINT internet reconnaissance services alerted the
+ KDE security team that the KDE web browser Konqueror
+ allows websites to set cookies for certain country
+ specific secondary top level domains.</p>
+ <p>Web sites operating under the affected domains can
+ set HTTP cookies in such a way that the Konqueror web
+ browser will send them to all other web sites operating
+ under the same domain. A malicious website can use
+ this as part of a session fixation attack. See e.g.
+ http://www.acros.si/papers/session_fixation.pdf</p>
+ <p>Affected are all country specific secondary top level
+ domains that use more than 2 characters in the secondary
+ part of the domain name and that use a secondary part other
+ than com, net, mil, org, gov, edu or int. Examples of
+ affected domains are .ltd.uk, .plc.uk and .firm.in</p>
+ <p>It should be noted that popular domains such as .co.uk, .co.in
+ and .com are NOT affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0746</cvename>
+ <url>http://www.kde.org/info/security/advisory-20040823-1.txt</url>
+ <url>http://www.osvdb.org/9117</url>
+ <url>http://secunia.com/advisories/12341</url>
+ <url>http://www.acros.si/papers/session_fixation.pdf</url>
+ </references>
+ <dates>
+ <discovery>2004-08-23</discovery>
+ <entry>2004-08-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bef4515b-eaa9-11d8-9440-000347a4fa7d">
<topic>xine -- vcd URL buffer overflow</topic>
<affects>
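Review bot: The `<affects>` block of the new entry (vid `2797b27a-f55b-11d8-81b0-000347a4fa7d`) matches only the package name `kdelibs`, so a variant of the port installed under a different package name would not be flagged by the audit tooling. Other entries in this database list such variants explicitly, for example `{ja-,}xv` in portaudit.txt. This matches the removed `kdelibs<3.2.3_3` line, so it is not a regression, but it is worth confirming whether a localized or otherwise renamed kdelibs package exists in the tree (not visible from this page) and, if so, adding a second `<name>` element inside the same `<package>`. The range `<lt>3.2.3_3</lt>` and the reused vid both agree with the portaudit.txt line the commit deletes, so coverage for the plain `kdelibs` package is unchanged.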