This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A vulnerability was discovered in KDE's SSL implementation in that it
does not check the basic constraints on a certificate and as a result
may accept certificates as valid that were signed by an issuer who is
not authorized to do so. This can lead to Konqueror and other SSL-
enabled KDE software falling victim to a man-in-the-middle attack
without being aware of the invalid certificate. This will trick users
into thinking they are on a secure connection with a valid site when
in fact the site is different from that which they intended to connect
This is fixed in KDE 3.0.3, and the KDE team provided a patch for KDE
2.2.2. This patch has been applied to the following packages.
After upgrading kdelibs, you must restart KDE in order for the fix to
Update the affected packages.
Risk factor : High / CVSS Base Score : 7.5
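The missing basic constraints check described above, shown as an added example that is not code from KDE, Mandrake or the plugin. It compares a chain validator that skips the check with one that enforces it. The `Cert` model, all function names and all certificate names are constructed for illustration, and signature verification is assumed to have already succeeded.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Cert:
    # Simplified stand-in for an X.509 certificate (constructed model).
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint

def links_to_trusted_root(chain: List[Cert], roots: Set[str]) -> bool:
    # Name chaining only; signatures are assumed valid (assumption).
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in roots

def validate_without_basic_constraints(chain: List[Cert], roots: Set[str]) -> bool:
    # Behaviour the advisory describes: any certificate may act as an issuer.
    return links_to_trusted_root(chain, roots)

def validate_with_basic_constraints(chain: List[Cert], roots: Set[str]) -> bool:
    if not links_to_trusted_root(chain, roots):
        return False
    # chain[0] is the end-entity; every certificate above it issued something.
    for depth, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False  # issuer was never authorized to sign certificates
        # depth = number of intermediate CA certificates below this issuer
        if issuer.path_len is not None and depth > issuer.path_len:
            return False
    return True

ROOTS = {"CN=Example Root CA"}
root = Cert("CN=Example Root CA", "CN=Example Root CA", is_ca=True)
inter = Cert("CN=Example Issuing CA", "CN=Example Root CA", is_ca=True, path_len=0)
site = Cert("CN=www.example.org", "CN=Example Issuing CA")
# Constructed: a certificate issued by an end-entity certificate, not by a CA.
forged = Cert("CN=shop.example.net", "CN=www.example.org")

GOOD_CHAIN = [site, inter, root]
BAD_CHAIN = [forged, site, inter, root]
```

On `BAD_CHAIN` the first validator returns `True` because the names chain to a trusted root, while the second rejects it at `site`, whose `is_ca` flag is false.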