This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
Vulnerabilities were discovered in the KIO subsystem support for
various network protocols. The implementation of the rlogin protocol
affects all KDE versions from 2.1 up to 3.0.4, while the flawed
implementation of the telnet protocol only affects KDE 2.x. They allow
a carefully crafted URL in an HTML page, HTML email, or other
KIO-enabled application to execute arbitrary commands as the victim
with their privilege.
The KDE team provided a patch for KDE3 which has been applied in these
packages. No patch was provided for KDE2, however the KDE team
recommends disabling both the rlogin and telnet KIO protocols. This
can be accomplished by removing, as root, the following files:
/usr/share/services/rlogin.protocol. If either file also exists in a
user's ~/.kde/share/services directory, they should likewise be
See also :
Update the affected kdelibs and / or kdelibs-devel packages.
Risk factor :
High / CVSS Base Score : 7.5