CVE-2007-1564
Priority P4 · 32 · medium · CVSS 2.0 6.8 · AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS 3.78% (88.6th percentile)
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | konqueror | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |
GHSA
GHSA-2vfx-mj86-p92f: The FTP protocol implementation in Konqueror 3
ghsa_unreviewed·2022-05-01
CVE-2007-1564 [MEDIUM] CWE-200 GHSA-2vfx-mj86-p92f: The FTP protocol implementation in Konqueror 3
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Ubuntu
KDE library vulnerabilities
vendor_ubuntu·2007-03-29·CVSS 4.3
CVE-2007-1564 [MEDIUM] KDE library vulnerabilities
Title: KDE library vulnerabilities
Summary: KDE library vulnerabilities
It was discovered that Konqueror did not correctly handle iframes from
JavaScript. If a user were tricked into visiting a malicious website,
Konqueror could crash, resulting in a denial of service. (CVE-2007-1308)
A flaw was discovered in how Konqueror handled PASV FTP responses. If a
user were tricked into visiting a malicious FTP server, a remote
attacker could perform a port-scan of machines within the user's
network, leading to private information disclosure. (CVE-2007-1564)
Instructions: After a standard system upgrade you need to restart your session or
reboot your computer to effect the necessary changes.
Red Hat
FTP protocol PASV design flaw affects konqueror
vendor_redhat·2007-03-22·CVSS 6.8
CVE-2007-1564 [MEDIUM] FTP protocol PASV design flaw affects konqueror
FTP protocol PASV design flaw affects konqueror
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Statement: Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw.
More information regarding issue severity can be found here:
https://access.redhat.com/security/updates/classification/
No detection rules found.
Bugzilla
CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)
bugzilla·2007-09-21·CVSS 4.3
CVE-2007-1308 [MEDIUM] CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)
CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-1308 to the following vulnerability:
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html
http://bindshell.net/advisories/konq355
http://bindshell.net/advisories/konq355/konq355-patch.diff
http://www.securityfocus.com/bid/22814
Discussion:
Patch for this issue is included in KDE security advisory:
http://www.kde.org/info/security/advisory-20070326-1.txt
Bugzilla
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
bugzilla·2007-03-23·CVSS 6.8
CVE-2007-1564 [MEDIUM] CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
+++ This bug was initially created as a clone of Bug #233592 +++
Description of problem:
RFC 959 [1] says:
When the user-PI receives an acknowledgment to the PASV command,
which includes the identity of the host and port being listened
on, the user-PI then sends A's port, a, to B in a PORT command; a
reply is returned. The user-PI may then send the corresponding
service commands to A and B. Server B initiates the connection
and the transfer proceeds.
[1] ftp://ftp.rfc-editor.org/in-notes/rfc959.txt
This makes it possible for a server to direct the client to connect to
an arbitrary IP/port, which can be misused for port scanning and service
fingerprinting.
Steps to Reproduce:
The paper [2] explains how to reproduce and contains a reference to an
example reproducer FTP server.
Bugzilla
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
bugzilla·2007-03-23·CVSS 6.8
CVE-2007-1564 [MEDIUM] CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
Description of problem:
RFC 959 [1] says:
When the user-PI receives an acknowledgment to the PASV command,
which includes the identity of the host and port being listened
on, the user-PI then sends A's port, a, to B in a PORT command; a
reply is returned. The user-PI may then send the corresponding
service commands to A and B. Server B initiates the connection
and the transfer proceeds.
[1] ftp://ftp.rfc-editor.org/in-notes/rfc959.txt
This makes it possible for a server to direct the client to connect to
an arbitrary IP/port, which can be misused for port scanning and service
fingerprinting.
Steps to Reproduce:
The paper [2] explains how to reproduce and contains a reference to an
example reproducer FTP server.
[2] http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
References:
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
http://secunia.com/advisories/24889
http://secunia.com/advisories/27108
http://securitytracker.com/id?1017801
http://www.kde.org/info/security/advisory-20070326-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:072
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/bid/23091
http://www.ubuntu.com/usn/usn-447-1
http://www.vupen.com/english/advisories/2007/1076
https://issues.rpath.com/browse/RPL-1201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10646
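The bug reports above describe the core problem: an FTP client that blindly connects to whatever host and port the server puts in its 227 PASV reply can be turned into a port scanner. The following is an added example (not Konqueror's or KDE's code) of the client-side hardening that closes this hole: parse the 227 reply strictly, ignore the advertised host in favour of the control connection's peer address, and refuse privileged data ports. Function names and the sample replies are this example's own.

```python
"""Validate an FTP 227 (PASV) reply before opening the data connection.

Added example, not Konqueror's code. The advertised host is replaced by
the control connection's peer IP (so the server cannot bounce the client
to a third party) and ports below 1024 are refused (so the client cannot
be pointed at well-known services). Names here are this example's own.
"""
import re

# Six comma-separated numbers after the 227 code, e.g.
# "227 Entering Passive Mode (192,0,2,10,195,80)."  (constructed sample)
_PASV_RE = re.compile(
    r"^227\D*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def parse_pasv(reply: str) -> tuple[str, int]:
    """Return the (host, port) encoded in a 227 reply; raise ValueError otherwise."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("malformed 227 reply")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in 227 reply")
    host = ".".join(str(o) for o in octets[:4])
    port = (octets[4] << 8) | octets[5]
    return host, port


def choose_data_endpoint(reply: str, control_peer_ip: str) -> tuple[str, int, bool]:
    """Decide where the data connection is allowed to go.

    Returns (host, port, overridden). The host is always the control
    connection's peer; `overridden` is True when the server advertised a
    different address, which a client should log as suspicious.
    """
    host, port = parse_pasv(reply)
    if port < 1024:
        raise ValueError(f"refusing privileged data port {port}")
    overridden = host != control_peer_ip
    return control_peer_ip, port, overridden


if __name__ == "__main__":
    # Constructed replies: one honest, one redirecting to another host.
    honest = "227 Entering Passive Mode (192,0,2,10,195,80)."
    bounce = "227 Entering Passive Mode (10,0,0,5,195,80)."
    print(choose_data_endpoint(honest, "192.0.2.10"))
    print(choose_data_endpoint(bounce, "192.0.2.10"))
```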
Published 2007-03-21