Fedora Core 2 : kdelibs-3.2.2-6 (2004-122)
High Nessus Plugin ID 13700
SynopsisThe remote Fedora Core host is missing a security update.
DescriptioniDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files.
The KDE team has found that a similar vulnerability exists in KDE.
A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to this issue.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel packages.