PT-2002-1054 · Kde+2 · Kdelibs+20
Published: 2002-09-24 · Updated: 2017-10-10 · CVE-2002-0970
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
kde-i18n-Catalan version 3.0.3
kde-i18n-Danish version 3.0.3
kde-i18n-Czech version 3.0.3
kde-i18n-Chinese-Big5 version 3.0.3
kde-i18n-3.0.3 version 3.0.3
kde-i18n-British version 3.0.3
kde-i18n-Brazil version 3.0.3
kde-i18n-Afrikaans version 3.0.3
kde-i18n-Chinese version 3.0.3
qt version 3.0.5
kcharselect version 3.0.3
kamera version 3.0.3
kaboodle version 3.0.3
kdenetwork version 2.2.2
kdenetwork version 3.0.3
kdesdk version 3.0.3
kdeartwork version 3.0.3
kdepim version 3.0.3
kdelibs version 2.2.2
kdelibs version 3.0.3
kdelibs-sound version 2.2.2
kdelibs-sound-devel version 2.2.2
kdebindings version 3.0.3
kdenetwork-ppp version 2.2.2
kdeutils version 3.0.3
kcoloredit version 3.0.3
kdebase version 3.0.3
kdegraphics version 2.2.2
kdegraphics version 3.0.3
kdemultimedia version 3.0.3
kdeadmin version 3.0.3
kdevelop version 2.1.3
Description
The issue affects various packages of the Red Hat Linux operating system, including qt, kde-i18n, kcharselect, kamera, kaboodle, kdenetwork, kdesdk, kdeartwork, kdepim, kdelibs, kdebindings, kdenetwork-ppp, kdeutils, kcoloredit, kdebase, kdegraphics, kdemultimedia, kdeadmin, and kdevelop. The vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, allowing remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
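The missing check described above, as an added example (not Konqueror or KDE code): a simplified Python model of path validation in which signature verification is reduced to issuer/subject name matching. The `Cert` fields, function names and sample chains are constructed for illustration, and the path-length check goes beyond the case in the description.

```python
# Added example: simplified model of certificate-path checking (no real crypto).
# All names and sample certificates are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint

def chain_links(chain):
    """Name chaining only: each certificate's issuer is the next subject."""
    return all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))

def validate_without_basic_constraints(chain, trusted):
    """Flawed behaviour: issuers are never checked for the cA flag."""
    return chain_links(chain) and chain[-1].subject in trusted

def validate_with_basic_constraints(chain, trusted):
    """Also require every issuing certificate to be a CA within its path length."""
    if not validate_without_basic_constraints(chain, trusted):
        return False
    # chain[0] is the end-entity; chain[1:] are the certificates that issued one.
    for depth, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False
        # depth = number of intermediate CA certificates below this issuer
        if issuer.path_len is not None and depth > issuer.path_len:
            return False
    return True

# Constructed sample data.
TRUSTED = {"Example Root CA"}
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
INTERMEDIATE = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
SITE = Cert("www.example.org", "Example Issuing CA")
GOOD_CHAIN = [SITE, INTERMEDIATE, ROOT]
# A chain that must be rejected: an end-entity certificate appears as an issuer.
HOLDER = Cert("holder.example.net", "Example Issuing CA")
BAD_CHAIN = [Cert("www.example.org", "holder.example.net"), HOLDER, INTERMEDIATE, ROOT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, validate_without_basic_constraints(chain, TRUSTED),
              validate_with_basic_constraints(chain, TRUSTED))
```
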
Recommendations
As a temporary workaround, consider disabling the SSL capability for Konqueror until a patch is available.
Restrict access to the vulnerable packages to minimize the risk of exploitation.
Avoid using the vulnerable versions of the packages until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Konqueror
Red Hat
Kaboodle
Kamera
Kcharselect
Kcoloredit
Kde-I18N
Kdeadmin
Kdeartwork
Kdebase
Kdebindings
Kdegraphics
Kdelibs
Kdemultimedia
Kdenetwork
Kdenetwork-Ppp
Kdepim
Kdesdk
Kdeutils
Kdevelop
Qt