Mandrake Linux Security Advisory : kopete (MDKSA-2003:055)
High Nessus Plugin ID 14039
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerability is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.
SolutionUpdate the affected kopete and / or libkopete1 packages.