aru Posted March 10, 2004 Report Share Posted March 10, 2004 MandrakeSoft Security Advisory MDKSA-2004:022 : kdelibs March 10th, 2004 Updated kdelibs packages fix cookie theft vulnerability Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory: "The cookie specifications detail a path argument that can be used to restrict the areas of a host that will be exposed to a cookie. By using standard traversal techniques this functionality can be subverted, potentially exposing the cookie to scrutiny and use in further attacks." This issue was fixed in KDE 3.1.3; the updated packages are patched to protect against this vulnerability. The released versions of Mandrake GNU/Linux affected are: 9.1Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:022 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0592 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts