KDE KMail User Interface Spoofing Vulnerability

Monday, April 11th, 2005
by Marc Erickson

“Secunia Advisory: SA14925

Critical: Less critical

Impact: Spoofing

Where: From remote

Solution Status: Unpatched

Software: KDE 3.x

Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error where HTML code can overlay part of the user interface. This can e.g. be exploited to trick a user into believing a specially crafted mail is signed and coming from a trusted source.

Successful exploitation requires that the option “Prefer HTML to plain text” is enabled (not default setting).

The vulnerability has been confirmed in KMail 1.7.1 on KDE 3.3.1. KDE 3.3.2 is reportedly also affected. Other versions may also be affected.

Solution: Disable the “Prefer HTML to plain text” setting.”

[Continue reading KDE KMail User Interface Spoofing Vulnerability]

Tags

Categories

Security

What Do You Think?

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

Linux, ubuntu - May 21, 2008

Java And Flash On Ubuntu Heron 64 bit Linux

Spandex Force Now Available For Linux
Monday, March 3, 2008
Kingston 8GB Class 4 Secure Digital High Capacity (SDHC) Memory Card
Monday, March 3, 2008
Interesting Links For Linux Users
Monday, March 3, 2008
Top 5 Tips For Configuring Hardware In Linux
Monday, March 3, 2008
NVIDIA 169.07 Linux Display Driver Released
Thursday, December 20, 2007

Interview, Linux, Misc - Dec 19, 2007

KOffice vs OOXML: Practical, Not Political

Dell Announces Ubuntu PCs with DVD Playback
Tuesday, December 18, 2007
How to Speed Up Linux
Monday, December 17, 2007
GNOME Developer Kit
Friday, December 14, 2007
Iran Tries to Hide AMD Supercomputer
Thursday, December 13, 2007
GNOME theme engine designer adds transparency to GTK
Wednesday, December 12, 2007

Myths - Dec 3, 2007

5 Myths That Stymie Linux Growth

Using Gmail As The Default Email Client - Ubuntu
Thursday, November 29, 2007
Quick Tip - Getting Started With GIMP
Wednesday, November 28, 2007
Ubuntu Wired Networking Woes? Read This Closely
Tuesday, November 27, 2007
Dock Any Application To The System Tray
Monday, November 26, 2007
VPN With Linux Made Easy
Friday, November 23, 2007

Just Ask Matt - Linux Edition - Nov 20, 2007

Default Sound Card Not Sticking In Ubuntu!

Scanners Broken By A System Update
Monday, November 19, 2007
Top 5 Ways To Prevent A Damaged Ubuntu Installation
Sunday, November 18, 2007
Antivirus Programs For Ubuntu
Tuesday, November 13, 2007
Fixing Miro On Ubuntu
Tuesday, November 6, 2007
Quick News Update
Tuesday, November 6, 2007