GLSA-200501-18 : KDE FTP KIOslave: Command injection

High Nessus Plugin ID 16409


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200501-18 (KDE FTP KIOslave: Command injection).

The FTP KIOslave fails to properly parse URL-encoded newline characters.

Impact :

An attacker could exploit this to execute arbitrary FTP commands on the server. Due to similarities between the FTP and SMTP protocols, this vulnerability also allows an attacker to connect to an SMTP server and issue arbitrary commands, for example sending an email.
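
The missing check, shown as an added defensive example (not code from kdelibs or from the advisory): URL components are percent-decoded first and then rejected if they contain control characters, so an encoded newline cannot end an FTP command line early. The names `ftp_commands_for` and `UnsafeFtpUrl`, the default anonymous credentials and the host `ftp.example.org` are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote


class UnsafeFtpUrl(ValueError):
    """Raised when a decoded URL component could break FTP command framing."""


def _check(component, label):
    # FTP (like SMTP) terminates each command with CRLF, so a control
    # character inside an argument would end the command early.
    for ch in component:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise UnsafeFtpUrl(f"{label} contains control character {ch!r}")
    return component


def ftp_commands_for(url):
    """Return the FTP command lines a client would send to fetch `url`.

    Validation runs on the decoded values, because those are what is
    written to the control connection.
    """
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl("not an ftp:// URL")
    user = _check(unquote(parts.username or "anonymous"), "user")
    password = _check(unquote(parts.password or "guest@"), "password")
    path = _check(unquote(parts.path), "path")
    directory, _, filename = path.rpartition("/")
    return [
        f"USER {user}\r\n",
        f"PASS {password}\r\n",
        f"CWD {directory or '/'}\r\n",
        "TYPE I\r\n",
        f"RETR {filename}\r\n",
    ]


if __name__ == "__main__":
    # Constructed sample URLs: one ordinary, one with an encoded CRLF.
    for sample in ("ftp://ftp.example.org/pub/file.txt",
                   "ftp://ftp.example.org/pub/a%0D%0ANOOP"):
        try:
            print(sample, "->", ftp_commands_for(sample))
        except UnsafeFtpUrl as exc:
            print(sample, "-> rejected:", exc)
```
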
Workaround :

There is no known workaround at this time.


All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

Plugin Details

Severity: High

ID: 16409

File Name: gentoo_GLSA-200501-18.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/02/14

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:kdelibs, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2005/01/11

Vulnerability Publication Date: 2004/12/23

Reference Information

CVE: CVE-2004-1165

OSVDB: 12853

GLSA: 200501-18