Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1393

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1393
Last Modified 10 Sep 2008 03:14:29
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1393

Summary

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

Vulnerable Systems

Operating System

  • Kde 2.0

  • Kde 2.0.1

  • Kde 2.1

  • Kde 2.1.1

  • Kde 2.1.2

  • Kde 2.2

  • Kde 2.2.1

  • Kde 2.2.2

  • Kde 3.0

  • Kde 3.0.1

  • Kde 3.0.2

  • Kde 3.0.3

  • Kde 3.0.3a

  • Kde 3.0.4

  • Kde 3.0.5


References

CONFIRM - http://www.kde.org/info/security/advisory-20021220-1.txt

DEBIAN - DSA-243

BUGTRAQ - 20021222 GLSA: kde-3.0.x

DEBIAN - DSA-242

DEBIAN - DSA-241

DEBIAN - DSA-240

DEBIAN - DSA-239

DEBIAN - DSA-238

DEBIAN - DSA-237

DEBIAN - DSA-236

DEBIAN - DSA-235

DEBIAN - DSA-234

BID - 6462

REDHAT - RHSA-2003:003

REDHAT - RHSA-2003:002

MANDRAKE - MDKSA-2003:004

SECUNIA - 8103

SECUNIA - 8067

BUGTRAQ - 20021221 KDE Security Advisory: Multiple vulnerabilities in KDE

CONECTIVA - CLA-2003:569


Last Updated: 27 May 2016 10:37:18