Adress CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4

Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.

This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).

This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.

Reviewed by:	mat, rakuco
Approved by:	rakuco (mentor), mat (mentor)
Obtained from:	https://marc.info/?l=kde-announce&m=148831226706885&w=2
MFH:		2017Q1
Security:	CVE-2017-6410
Differential Revision:	https://reviews.freebsd.org/D9908

0 files changed, 0 insertions, 0 deletions