Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: lnx5933.htm

KDE quoted shell command can be remotely exploited



14th Jan 2003 [SBWID-5933]
COMMAND

	KDE quoted shell command can be remotely exploited

SYSTEMS AFFECTED

	KDE 2.x up to and including KDE 3.0.5

PROBLEM

	In Mandrake Linux Security Team  [security@linux-mandrake.com]  advisory
	[MDKSA-2003:004] :
	
	KDE fails to properly quote parameters of  instructions  passed  to  the
	shell  for  execution.  These  parameters  may  contain  data  such   as
	filenames, URLs, email address, and so forth; this data may be  provided
	remotely  to  a  victim  via  email,  web  pages,  files  on  a  network
	filesystem, or other untrusted sources.
	 
	It is possible for arbitrary command execution on  a  vulnerable  system
	with the privileges of the victim's account.

SOLUTION

	Get version 3.0.5a, see
	
	 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1393
	 http://www.kde.org/info/security/advisory-20021220-1.txt
	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH