Linux Security
Linux Security
Linux Security

Debian: kdeadmin command execution vulnerability

Date 22 Jan 2003
Posted By LinuxSecurity Advisories
By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 234-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
January 22nd, 2003             
- --------------------------------------------------------------------------

Package        : kdeadmin
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-7.2

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      922 1c987ba703ca3f18c58d09828783cdbd
      Size/MD5 checksum:    23669 f767d5be73d74af4ffe36a368d364b96
      Size/MD5 checksum:   848413 d3e8bc7ae67b82d3a3e3f488fb690e1b

  Alpha architecture:
      Size/MD5 checksum:   153206 e708ef2b34d2e42475616f3dda45cbd3
      Size/MD5 checksum:   273182 2246d41c01dff1a56deee2c53fcf94c7
      Size/MD5 checksum:   230968 07913b8eb8622e57d3a99cf4f6ec6b69
      Size/MD5 checksum:   189834 11c550096b7eb87c215d67187048b91f
      Size/MD5 checksum:   110280 98e7c0cfd3e2edf630f7885b0a09211d
      Size/MD5 checksum:   216204 50b208e8d15a81ff45b46bc84235fa00
      Size/MD5 checksum:    23584 025b3e2217e3a12d80a37163da50777c

  ARM architecture:
      Size/MD5 checksum:   144850 9c680a3cf5bbb391fadb4734a7e0530b
      Size/MD5 checksum:   202178 8716c754bb0f45f63b9c6f6d51c44df4
      Size/MD5 checksum:   186018 3482c5c0af6528d44331b269165b307b
      Size/MD5 checksum:   149514 445fbe177f06551ae1bc43866cecddcf
      Size/MD5 checksum:    91434 852c61ff06504f467a21a2da8d89a015
      Size/MD5 checksum:   187684 8e9dfbecb9f6c772e60b68b7b6fe877d
      Size/MD5 checksum:    20394 d92b88ec72d4085ad75b45bc86687c44

  Intel IA-32 architecture:
      Size/MD5 checksum:   141688 f89893ede2df05e92e463864696f1897
      Size/MD5 checksum:   182192 e0d3620de12a3331ea2230d9b749bfae
      Size/MD5 checksum:   179986 24a8ff7a51ec008fd1c485f1d0905126
      Size/MD5 checksum:   151736 29c2e6e689fb4bec5ad4c2cf563f68d3
      Size/MD5 checksum:    91936 5bc7ee6fa4a9f95b727f1e8d19179962
      Size/MD5 checksum:   184704 22218d2ffd1e25e7ca695c534d6d8e5c
      Size/MD5 checksum:    93152 b7266d318e7c3fb098a18cc5c6aac69f
      Size/MD5 checksum:    21666 7c0c4059900ff35c2a6e705cebdb0a21

  Intel IA-64 architecture:
      Size/MD5 checksum:   169926 1ab6f22c96e0dbc0e06ac013d1ae8d57
      Size/MD5 checksum:   219624 1336ce2a99c9951e9e79bba6a907c8d2
      Size/MD5 checksum:   299542 ed0092e573f76061889a9e4ea8a40337
      Size/MD5 checksum:   228488 e61fc7237e729249c4c4368dcc0080e7
      Size/MD5 checksum:   129938 e7cd718dd2ac79bd396d268fb8ff8a62
      Size/MD5 checksum:   243448 24c2386d863e234db3f5bef9f328ea5c
      Size/MD5 checksum:    23552 dfd3a70e0d4c3ab8ad4efcccf99d9518

  HP Precision architecture:
      Size/MD5 checksum:   154410 d05f80703cce1c8c65516cea5dbcfe8a
      Size/MD5 checksum:   214620 383d6e1b41ca864580e32e5c5bbd6a4f
      Size/MD5 checksum:   222352 5e3806e74346ea3f6e688dd69043b89d
      Size/MD5 checksum:   185056 55ebbdd65448061c33e2ba67bf856bf7
      Size/MD5 checksum:   107830 9aad3783b609fc6bbdb8464ae1f2114e
      Size/MD5 checksum:   230638 aa3d3c62f36777242af5fa3e6febb1bf
      Size/MD5 checksum:    22844 dad913929d4fa96a75cddbc3e12a6211

  Motorola 680x0 architecture:
      Size/MD5 checksum:   140660 81928d11476e54e0d4e65323eb7997cc
      Size/MD5 checksum:   176254 ba9e6c6d244cfa9b39f3f5b694cea735
      Size/MD5 checksum:   175182 c72b39577f44ea72d2fd5d6cb96116b8
      Size/MD5 checksum:   147776 e16487ddb05b126469238a311bef26ef
      Size/MD5 checksum:    90996 a84d498d47f3d1b84f44f6f7c1b31c15
      Size/MD5 checksum:   179546 f7d3e2c057064b5db7e1d21a2af9c5a9
      Size/MD5 checksum:    22188 40f0ef43476b5ab15e38f92151ccc2fa

  Big endian MIPS architecture:
      Size/MD5 checksum:   138748 d4fc92d8e63db7c4bc9ce283c3db0bcf
      Size/MD5 checksum:   171894 e9c3ca67b8efb02cfa223ec6d6bdc9eb
      Size/MD5 checksum:   198818 15acce76e7269c632e70cb6fa40c457f
      Size/MD5 checksum:   171198 1abfb4306e6b910293f2b0357e3d4102
      Size/MD5 checksum:   100994 a8139081a311f207ef86491c1e5c6b5b
      Size/MD5 checksum:   196970 796e2792ec9ff4cffb90681596aa03da
      Size/MD5 checksum:    20238 8e3ed281344f001e6a530265ada7e8dc

  Little endian MIPS architecture:
      Size/MD5 checksum:   137978 75cba1cf426da9a96d0f4d0110b93872
      Size/MD5 checksum:   168956 7fca70632e404a388d7a0b304ce375dc
      Size/MD5 checksum:   196288 c54aacd4429b7db7fe18739816ea549d
      Size/MD5 checksum:   169274 299412cc5d7777fa2bd7eaeb5e5f4066
      Size/MD5 checksum:   100052 f758b5aa034b8317b41903ffeb89bea3
      Size/MD5 checksum:   195920 a8eb1cf2f428002162e89032a91bf409
      Size/MD5 checksum:    20212 b50b343b3aefae64983ca7779e3eafe9

  PowerPC architecture:
      Size/MD5 checksum:   143140 e9d58d07bed590dae8393f8507bc104b
      Size/MD5 checksum:   173694 45f02700ffd32dc5f1445ecf7fdc710c
      Size/MD5 checksum:   186486 67053abf6a72aea2489ff98a46bbe3ab
      Size/MD5 checksum:   149198 a90cc2acddaa0be636a768b045bf9031
      Size/MD5 checksum:    90394 ae5d36549896fa3d2bf01ebb824f728d
      Size/MD5 checksum:   183640 ba535d6ac7018426fe2bce0f66fff8bc
      Size/MD5 checksum:    20046 a517dc09778f2201871597dae584469e

  IBM S/390 architecture:
      Size/MD5 checksum:   145092 a607f2027b595b3567deb60d707e29b2
      Size/MD5 checksum:   157874 a210625ef3dc12004f4ff33226897d28
      Size/MD5 checksum:   187102 15c446268aec70e1003e2dbd2b4a8f6b
      Size/MD5 checksum:   157246 1b1be87e7aa8611a729994d047284be1
      Size/MD5 checksum:    94466 ec46801de7d047fb3745aa871549bf3d
      Size/MD5 checksum:   183150 4e8eedda1c9bd1a5d5c99cebc3909532
      Size/MD5 checksum:    22686 82dd34d13a7d7ef4fa5e5625f84c406e

  Sun Sparc architecture:
      Size/MD5 checksum:   143920 4526bfae965d9781fbfc20fb105e8cd8
      Size/MD5 checksum:   174906 0647efafe7c2f82ee469ba16339bfe43
      Size/MD5 checksum:   182022 82c38e45b6c859064165f74cac7677a1
      Size/MD5 checksum:   153808 d3e7428d284d292482f430a8d7e1459e
      Size/MD5 checksum:    91930 d5a23f597056e2aa63ce7b0823903802
      Size/MD5 checksum:   185334 71f00d15eb31577cef473419df247180
      Size/MD5 checksum:    20780 955eccfa7c277a049454d10735ce984f

  These files will be moved into the stable distribution after new KDE
  packages fhave been uploaded into unstable (sid) and compiled for
  all architectures.  

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"69","type":"x","order":"1","pct":75.82,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"181","title":"Hardly ever","votes":"8","type":"x","order":"3","pct":8.79,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.