J-Security Center

Title: KDE Konqueror Remote Download Dialog Box Source URI Spoofing Vulnerability

Severity: MODERATE

Description:

KDE Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the UNIX and Linux operating systems.

A remote source URI dialog spoofing vulnerability affects KDE Konqueror. This issue is due to a design error that allows the source URI in a download dialog box to be misrepresented.

The problem arises because the application fails to display source URI strings of excessive length properly. Reportedly, long sub-domains and file paths are rendered incorrectly, allowing an attacker to manipulate which part of the source URI is presented to unsuspecting users.

An attacker may leverage this issue to spoof the source URI of a file presented to an unsuspecting user. Because the user may be shown the source URI of a trusted site, this can create a false sense of trust in the download.
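
The display flaw described above, and the kind of rendering that avoids it, as an added illustration (not code from the advisory or from KDE): a naive fixed-width cut can push the real host or file name out of view, whereas an origin-preserving renderer always emits the scheme and the complete host and only elides the path, with an explicit marker. The sample URIs, the function names and the 48-column width are constructed for the example.

```python
from urllib.parse import urlsplit

ELLIPSIS = "\u2026"  # one visible marker, so any elision is explicit

# Constructed samples (documentation names, not real sites): a host whose
# leading labels imitate a trusted site, and a trusted host with a long path.
LONG_HOST_URI = ("https://downloads.example.com." + "a" * 60 + ".example.net"
                 "/files/" + "b" * 40 + "/report.pdf")
LONG_PATH_URI = "https://downloads.example.com/files/" + "b" * 40 + "/report.pdf"

def effective_host(uri: str) -> str:
    """The host the browser will actually fetch from (urlsplit lower-cases it)."""
    return urlsplit(uri).hostname or ""

def naive_display(uri: str, width: int = 48) -> str:
    """Rendering of the kind the advisory describes: cut the string at a fixed
    width, so a long sub-domain or path can hide the real host or file name."""
    return uri if len(uri) <= width else uri[:width - 3] + "..."

def safe_display(uri: str, width: int = 48) -> str:
    """Render a source URI for a download dialog without hiding its origin.
    The scheme and the complete host (plus port) are always emitted, even if
    that alone exceeds `width`; only the path is shortened, always with an
    explicit marker, and the file name is kept whenever it fits."""
    parts = urlsplit(uri)
    host = parts.hostname
    if not host:
        return naive_display(uri, width)  # not an absolute URL; nothing to protect
    origin = f"{parts.scheme}://{host}"
    if parts.port is not None:
        origin += f":{parts.port}"
    path = parts.path or "/"
    room = width - len(origin)
    if len(path) <= room:
        return origin + path
    filename = path.rsplit("/", 1)[-1]
    marker = f"/{ELLIPSIS}/"
    head_room = room - len(marker) - len(filename)
    if filename and head_room >= 1:
        return origin + path[:head_room].rstrip("/") + marker + filename
    return origin + f"/{ELLIPSIS}"  # host is still shown in full

def hides_host(rendered: str, uri: str) -> bool:
    """Check a dialog implementer can run: does the rendered text omit any
    part of the host the user will actually download from?"""
    return effective_host(uri) not in rendered
```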

Affected Products:

  • KDE KDE 3.0.0
  • KDE KDE 3.0.1
  • KDE KDE 3.0.2
  • KDE KDE 3.0.3
  • KDE KDE 3.1.1
  • KDE KDE 3.1.2
  • KDE Konqueror 3.0.0
  • KDE Konqueror 3.0.1
  • KDE Konqueror 3.0.2
  • KDE Konqueror 3.0.3
  • KDE Konqueror 3.0.5
  • KDE Konqueror 3.0.5 b
  • KDE Konqueror 3.1.0
  • KDE Konqueror 3.1.1
  • KDE Konqueror 3.1.2
  • KDE Konqueror 3.1.3
  • KDE Konqueror 3.1.4
  • KDE Konqueror 3.1.5
  • KDE Konqueror 3.2.1
  • KDE Konqueror 3.2.2 -6
  • KDE Konqueror 3.2.3
  • KDE Konqueror 3.3.0
  • KDE Konqueror 3.3.1
  • KDE Konqueror 3.3.2
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.