Test ID:	1.3.6.1.4.1.25623.1.0.50668
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2003:004 (kde)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kde announced via advisory MDKSA-2003:004. Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3 version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. Affected versions: 8.1, 8.2, 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1393 http://www.kde.org/info/security/advisory-20021220-1.txt Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 6462 Common Vulnerability Exposure (CVE) ID: CVE-2002-1393 http://www.securityfocus.com/bid/6462 Bugtraq: 20021221 KDE Security Advisory: Multiple vulnerabilities in KDE (Google Search) http://marc.info/?l=bugtraq&m=104049734911544&w=2 Bugtraq: 20021222 GLSA: kde-3.0.x (Google Search) http://marc.info/?l=bugtraq&m=104066520330397&w=2 Conectiva Linux advisory: CLA-2003:569 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569 Debian Security Information: DSA-234 (Google Search) http://www.debian.org/security/2003/dsa-234 Debian Security Information: DSA-235 (Google Search) http://www.debian.org/security/2003/dsa-235 Debian Security Information: DSA-236 (Google Search) http://www.debian.org/security/2003/dsa-236 Debian Security Information: DSA-237 (Google Search) http://www.debian.org/security/2003/dsa-237 Debian Security Information: DSA-238 (Google Search) http://www.debian.org/security/2003/dsa-238 Debian Security Information: DSA-239 (Google Search) http://www.debian.org/security/2003/dsa-239 Debian Security Information: DSA-240 (Google Search) http://www.debian.org/security/2003/dsa-240 Debian Security Information: DSA-241 (Google Search) http://www.debian.org/security/2003/dsa-241 Debian Security Information: DSA-242 (Google Search) http://www.debian.org/security/2003/dsa-242 Debian Security Information: DSA-243 (Google Search) http://www.debian.org/security/2003/dsa-243 http://www.mandriva.com/security/advisories?name=MDKSA-2003:004 http://www.redhat.com/support/errata/RHSA-2003-002.html http://www.redhat.com/support/errata/RHSA-2003-003.html http://secunia.com/advisories/8067 http://secunia.com/advisories/8103
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.