HTTP: HTML URL TELNET Command Line Options File Clobber

This signature detects TELNET URLs in HTML documents that contain debug or tracefile options. Attackers can entice victims to click on a TELNET URL on a Web page, causing arbitrary files to be overwritten on the victim's computer.

Extended Description

It has been reported that KDE is prone to multiple input validation vulnerabilities in various URI handlers. The issues are reported to exist due to insufficient sanitization of user-supplied input by the telnet, rlogin, ssh and mailto URI handlers. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the programs to carry out an attack.
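The check this description implies, as an added example (not Juniper's signature logic or KDE's fix): collect link attributes from an HTML document and flag telnet, rlogin and ssh URIs whose host name begins with '-', including percent-encoded and HTML-entity-encoded forms. The function names and the sample document are constructed for illustration; mailto URIs have no host in this position and are not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# URI handlers named in the description whose URIs carry a host name.
URI_RE = re.compile(r"^\s*(telnet|rlogin|ssh):(?://)?([^/?#]*)", re.IGNORECASE)

def uri_host(uri):
    """Return the decoded host[:port] of a telnet/rlogin/ssh URI, else None."""
    m = URI_RE.match(uri)
    if not m:
        return None
    authority = unquote(m.group(2))              # %2D decodes to '-'
    return authority.rsplit("@", 1)[-1].strip()  # drop optional user info

def host_looks_like_option(uri):
    """True when the host would be read as a command-line option."""
    host = uri_host(uri)
    return host is not None and host.startswith("-")

class LinkCollector(HTMLParser):
    """Collects href/src values; HTMLParser decodes entities such as &#45;."""
    def __init__(self):
        super().__init__()
        self.uris = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.uris.append(value)

def find_option_uris(html):
    """Return every collected URI whose host starts with '-'."""
    collector = LinkCollector()
    collector.feed(html)
    return [u for u in collector.uris if host_looks_like_option(u)]

# Constructed sample document; "-placeholder" stands in for any option string.
SAMPLE = """
<a href="telnet://bbs.example.org:23">benign</a>
<a href="telnet://-placeholder">leading dash</a>
<a href="SSH://user@%2Dplaceholder/">percent-encoded dash</a>
<iframe src="rlogin://&#45;placeholder"></iframe>
<a href="https://example.org/-dash">other scheme</a>
"""

if __name__ == "__main__":
    for uri in find_option_uris(SAMPLE):
        print("suspicious URI:", uri)
```
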

Affected Products

Kde kde

References

BugTraq: 10358

CVE: CVE-2004-0411

Short Name
HTTP:STC:TELNET-URL-OPTS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-0411 Clobber Command File HTML Line Options TELNET URL bid:10358
Release Date
05/19/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Kde

Conectiva

CVSS Score

7.5
