
Test ID: 1.3.6.1.4.1.25623.1.0.50850
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2002:079 (kdelibs)
Description:

The remote host is missing an update to kdelibs
announced via advisory MDKSA-2002:079.

Vulnerabilities were discovered in the KIO subsystem support for various
network protocols. The implementation of the rlogin protocol affects
all KDE versions from 2.1 up to 3.0.4, while the flawed implementation
of the telnet protocol only affects KDE 2.x. They allow a carefully
crafted URL in an HTML page, HTML email, or other KIO-enabled application
to execute arbitrary commands with the victim's privileges.

The KDE team provided a patch for KDE3 which has been applied in these
packages. No patch was provided for KDE2, however the KDE team
recommends disabling both the rlogin and telnet KIO protocols. This
can be accomplished by removing, as root, the following files:
/usr/share/services/telnet.protocol and
/usr/share/services/rlogin.protocol. If either file also exists in a
user's ~/.kde/share/services directory, it should likewise be removed.

Affected versions: 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:079
http://www.kde.org/info/security/advisory-20021111-1.txt

Risk factor: High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
