Info

Disclosure

Oct 10, 2012

Discovery

Unknown

Dates

Exploit

Oct 10, 2012

Solution

Unknown

Description

KDE Konqueror contains a flaw that may allow a denial of service. The issue is triggered when a NULL pointer dereference occurs, and will result in loss of availability for the program.

Classification

Location: Context Dependent
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

Products

KDE Project

Konqueror

4.7.3

References

CVE ID: 2012-4514 (see also: NVD)
Exploit Database: 22406
Secunia Advisory ID: 51097 51375
Bugtraq ID: 55879
ISS X-Force ID: 79287
Related OSVDB ID: 86825 86826 86847
Mail List Post: http://seclists.org/bugtraq/2012/Nov/4
http://seclists.org/oss-sec/2012/q4/65
Vendor URL: http://www.kde.org/
Other Advisory URL: http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
Vendor Specific News/Changelog Entry: https://bugzilla.novell.com/show_bug.cgi?id=729829
https://bugzilla.novell.com/show_bug.cgi?id=787520
Vendor Specific Solution URL: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65464349951e0df9b5d80c2eb3cc7458d54923ae

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86827