Mandrake Linux Security Advisory : kopete (MDKSA-2003:055)

High Nessus Plugin ID 14039


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerability is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.


Update the affected kopete and / or libkopete1 packages.

See Also

Plugin Details

Severity: High

ID: 14039

File Name: mandrake_MDKSA-2003-055.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kopete, p-cpe:/a:mandriva:linux:libkopete1, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/05/08

Reference Information

CVE: CVE-2003-0256

MDKSA: 2003:055