Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Debian 3.0: DSA 237-1 Severe: kdelibs Command Execution Risk

debian
Calendar Grey January 22, 2003
Scroller Debian
- -------------------------------------------------------------------------- Debian Security Advisor
By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges.

Summary

The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parametersof instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges. The KDE Project is not aware of any existing exploits of
these vulnerabilities. The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-13.woody.6.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: kdelibs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.