CVE-2004-1165 | Vulnerability Database | Aqua Security

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (%0a) before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Affected Software

Name	Vendor	Start Version	End Version
Kdelibs	Kde	3.1 (including)	3.1 (including)
Kdelibs	Kde	3.1.1 (including)	3.1.1 (including)
Kdelibs	Kde	3.1.2 (including)	3.1.2 (including)
Kdelibs	Kde	3.1.3 (including)	3.1.3 (including)
Kdelibs	Kde	3.1.4 (including)	3.1.4 (including)
Kdelibs	Kde	3.1.5 (including)	3.1.5 (including)
Kdelibs	Kde	3.2 (including)	3.2 (including)
Kdelibs	Kde	3.2.1 (including)	3.2.1 (including)
Kdelibs	Kde	3.2.2 (including)	3.2.2 (including)
Konqueror	Kde	3.3.1 (including)	3.3.1 (including)
Red Hat Enterprise Linux 3	RedHat	kdebase-6:3.1.3-5.8	*
Red Hat Enterprise Linux 3	RedHat	kdelibs-6:3.1.3-6.9	*
Red Hat Enterprise Linux 4	RedHat	kdelibs-6:3.3.1-3.3	*
Kdelibs	Ubuntu	dapper	*
Kdelibs	Ubuntu	devel	*
Kdelibs	Ubuntu	edgy	*
Kdelibs	Ubuntu	feisty	*

References

http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
http://www.redhat.com/support/errata/RHSA-2005-009.html
http://www.redhat.com/support/errata/RHSA-2005-065.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645
http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
http://www.redhat.com/support/errata/RHSA-2005-009.html
http://www.redhat.com/support/errata/RHSA-2005-065.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1165
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html