Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:079)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Vulnerabilities were discovered in the KIO subsystem support for
various network protocols. The implementation of the rlogin protocol
affects all KDE versions from 2.1 up to 3.0.4, while the flawed
implementation of the telnet protocol only affects KDE 2.x. They allow
a carefully crafted URL in an HTML page, HTML email, or other
KIO-enabled application to execute arbitrary commands as the victim
with their privilege.

The KDE team provided a patch for KDE3 which has been applied in these
packages. No patch was provided for KDE2, however the KDE team
recommends disabling both the rlogin and telnet KIO protocols. This
can be accomplished by removing, as root, the following files:
/usr/share/services/telnet.protocol and
/usr/share/services/rlogin.protocol. If either file also exists in a
user's ~/.kde/share/services directory, they should likewise be
removed.

See also :

http://www.kde.org/info/security/advisory-20021111-1.txt

Solution :

Update the affected kdelibs and / or kdelibs-devel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13977 (mandrake_MDKSA-2002-079.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1281
CVE-2002-1282

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now