 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.53314 |
| Category: | Debian Local Security Checks |
| Title: | Debian Security Advisory DSA 238-1 (kdepim) |
| Summary: | The remote host is missing an update to kdepim;announced via advisory DSA 238-1. |
| Description: | Summary: The remote host is missing an update to kdepim announced via advisory DSA 238-1. Vulnerability Insight: The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safe guards and check data from untrusted sources more strictly in multiple places. For the current stable distribution (woody), these problems have been fixed in version 2.2.2-5.2. The old stable distribution (potato) does not contain KDE packages. For the unstable distribution (sid), these problems will most probably not be fixed but new packages for KDE 3.1 for sid are expected for this year. Solution: We recommend that you upgrade your KDE packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1393 BugTraq ID: 6462 http://www.securityfocus.com/bid/6462 Bugtraq: 20021221 KDE Security Advisory: Multiple vulnerabilities in KDE (Google Search) http://marc.info/?l=bugtraq&m=104049734911544&w=2 Bugtraq: 20021222 GLSA: kde-3.0.x (Google Search) http://marc.info/?l=bugtraq&m=104066520330397&w=2 Conectiva Linux advisory: CLA-2003:569 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569 Debian Security Information: DSA-234 (Google Search) http://www.debian.org/security/2003/dsa-234 Debian Security Information: DSA-235 (Google Search) http://www.debian.org/security/2003/dsa-235 Debian Security Information: DSA-236 (Google Search) http://www.debian.org/security/2003/dsa-236 Debian Security Information: DSA-237 (Google Search) http://www.debian.org/security/2003/dsa-237 Debian Security Information: DSA-238 (Google Search) http://www.debian.org/security/2003/dsa-238 Debian Security Information: DSA-239 (Google Search) http://www.debian.org/security/2003/dsa-239 Debian Security Information: DSA-240 (Google Search) http://www.debian.org/security/2003/dsa-240 Debian Security Information: DSA-241 (Google Search) http://www.debian.org/security/2003/dsa-241 Debian Security Information: DSA-242 (Google Search) http://www.debian.org/security/2003/dsa-242 Debian Security Information: DSA-243 (Google Search) http://www.debian.org/security/2003/dsa-243 http://www.mandriva.com/security/advisories?name=MDKSA-2003:004 http://www.redhat.com/support/errata/RHSA-2003-002.html http://www.redhat.com/support/errata/RHSA-2003-003.html http://secunia.com/advisories/8067 http://secunia.com/advisories/8103 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |