Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: General :: lnx5933.htm

KDE quoted shell command can be remotely exploited
14th Jan 2003 [SBWID-5933]

	KDE quoted shell command can be remotely exploited


	KDE 2.x up to and including KDE 3.0.5


	In Mandrake Linux Security Team  []  advisory
	[MDKSA-2003:004] :
	KDE fails to properly quote parameters of  instructions  passed  to  the
	shell  for  execution.  These  parameters  may  contain  data  such   as
	filenames, URLs, email address, and so forth; this data may be  provided
	remotely  to  a  victim  via  email,  web  pages,  files  on  a  network
	filesystem, or other untrusted sources.
	It is possible for arbitrary command execution on  a  vulnerable  system
	with the privileges of the victim's account.


	Get version 3.0.5a, see

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH