Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: kdelibs command execution vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 236-1                                        Martin Schulze
January 22nd, 2003             
- --------------------------------------------------------------------------

Package        : kdelibs
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-13.woody.6.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1353 5f403d3db13d953205201675479843eb
      Size/MD5 checksum:    54958 dc565cdd77e4fab495787a39698f3ad8
      Size/MD5 checksum:  6396699 7a9277a2e727821338f751855c2ce5d3

  Architecture independent components:
      Size/MD5 checksum:  2564014 4b908d0c48a2581d1f9722ecb31f302d

  Alpha architecture:
      Size/MD5 checksum:   757036 3821fd9cbd17ee52abc4838ef706db89
      Size/MD5 checksum:  7533618 8f3f4e131e3e37b7ada54d1f94b53772
      Size/MD5 checksum:   137042 3ec876921572725beab36a288e000c7f
      Size/MD5 checksum:   201636 70241ba4c8942167e7a52942bc1a3d3b
      Size/MD5 checksum:  1022098 4f55fb12b406f722ada2bde298d73488
      Size/MD5 checksum:  1029298 e2e25898b8bad76d32e5ad7c8a923467
      Size/MD5 checksum:   197890 f49d2029d624bd81243988ea37d7119b
      Size/MD5 checksum:   174352 51b9351402e9d14f4f452df5132d810b
      Size/MD5 checksum:   177678 9147a08ddc03b52a297292a5585c0a86
      Size/MD5 checksum:    36912 da90d5e50953757fd14c0a7207ffd1d3

  ARM architecture:
      Size/MD5 checksum:   743224 eca1a5b6414faba5504ffd8fa7af9452
      Size/MD5 checksum:  6589736 3022f814d5374ae021761efb1e25e073
      Size/MD5 checksum:   104228 2c36f53a88220fa1ea1dd00b57726f13
      Size/MD5 checksum:   186222 e9a09d7fd4b3d6fbb1eb510bcac30adf
      Size/MD5 checksum:   651562 8361bf373ba5a1cc7d512af7eccf7f34
      Size/MD5 checksum:   655080 9492e09991a9bf590625cb8d2d7274b9
      Size/MD5 checksum:   155136 5a71e196810ae1919b7da4c56a59680d
      Size/MD5 checksum:   124478 c2cedf9d502b8d9305cf73c4ed2ddaa5
      Size/MD5 checksum:   127494 9abe565871b1b308396bc09aad4bc7ff
      Size/MD5 checksum:    36914 a70c016630ea7d9d277eefaba2824c8e

  Intel IA-32 architecture:
      Size/MD5 checksum:   742546 5f07331b0c9a0e61725d0e7f81d73216
      Size/MD5 checksum:  6619234 105366e620237bac742d00e45e871922
      Size/MD5 checksum:   105750 e2086c74a1d2653bccec657a14fd8c54
      Size/MD5 checksum:   182570 8e90b65fe82563cbfaf2e2e7640c029e
      Size/MD5 checksum:   624794 66b3d47a86f1ca87ae654b6efe5541ab
      Size/MD5 checksum:   629100 98724a2ee31a491804aa7b5db2d5164e
      Size/MD5 checksum:   154462 a4e12261f833fa19994502ff4cc5df96
      Size/MD5 checksum:   123100 b0c2e06b9ea6375d5c6184aee734222b
      Size/MD5 checksum:   126216 93d578145e10a7582ce299456e9b7088
      Size/MD5 checksum:    36908 3707f77517c7ab8dbfe0b8c1c87237d4

  Intel IA-64 architecture:
      Size/MD5 checksum:   767278 beb8f1be54f3ab9d699dc429ed7fe0a9
      Size/MD5 checksum:  8843922 7f0bfd78ca3ebd193988341f4106d256
      Size/MD5 checksum:   153404 dc9e293451fbe090206ba4ff3726879e
      Size/MD5 checksum:   256680 2a16e33028cbd4c57f782437c672c1ad
      Size/MD5 checksum:  1045260 53cff6b9c9c87e7639bf561770874b67
      Size/MD5 checksum:  1050334 03bb1671adc028fc6e4cd79ca6960cfe
      Size/MD5 checksum:   199116 cf94f060e30e58450bcc2a4aad8bf1be
      Size/MD5 checksum:   185270 ed585193574913b65c2dff1c506c8aa9
      Size/MD5 checksum:   190732 74ef3c740d999a632010ee3d2b3fc733
      Size/MD5 checksum:    36914 34c415116ef8a6b802fbd99f10d7dcbf

  HP Precision architecture:
      Size/MD5 checksum:   749362 c736ea8685c39ed85deab6b2b590161d
      Size/MD5 checksum:  7343502 6f0af2eaf6ce06cc73c952cded61e49c
      Size/MD5 checksum:   117116 653293652c08d41d225b2c0ef23f67d7
      Size/MD5 checksum:   217674 fe0822c5e9cf6f6b188511ca1443ef66
      Size/MD5 checksum:  1111174 b605a2edcf240ef3de55ef2519fdcecc
      Size/MD5 checksum:  1115110 c324171c9d1718bfeea12504481d16af
      Size/MD5 checksum:   207106 9a0cd2d9a74eab43745e943a834fb48c
      Size/MD5 checksum:   171570 3dac858ec420b80827ba4831a5b69af4
      Size/MD5 checksum:   175696 52aa4713ee4d2a67160db75c3d1afc3e
      Size/MD5 checksum:    36918 b9018343f9d21a9214e3c0f61f358093

  Motorola 680x0 architecture:
      Size/MD5 checksum:   739630 bc5661843134d63e8a1d5bcd1dac0494
      Size/MD5 checksum:  6484458 2743a7e264d1adc110f8ab888784c46e
      Size/MD5 checksum:   103278 ce4846bd5706c05d25a1801a30b55116
      Size/MD5 checksum:   178182 1c184a14bee9684d35fd87f261fbbdd7
      Size/MD5 checksum:   628452 c8af2dc042d41941e17ee1afee68d3cd
      Size/MD5 checksum:   632812 552cce36fc2714583f5ec7442086c4ce
      Size/MD5 checksum:   150784 a40fc209f70da50edf8253f450e49d41
      Size/MD5 checksum:   120450 13b90cd1575a701389b071234ea51fb7
      Size/MD5 checksum:   123324 bd88c3074eeeac85b93d6980a4a5dbcb
      Size/MD5 checksum:    36922 eecbb0f9a1e9d62bc18dd0a0544252b6

  Big endian MIPS architecture:
      Size/MD5 checksum:   739530 3a3880906912737432ff5356ad3f7dc3
      Size/MD5 checksum:  6283658 99d00896a8915cbd97f447980cce5871
      Size/MD5 checksum:   106582 ed2c3833174bc5526ca7c42ba0f6f973
      Size/MD5 checksum:   160776 d870858339dfe852f96f5069184d1f3d
      Size/MD5 checksum:   620694 10cc05e88f12fb675b30efa0ddb1f112
      Size/MD5 checksum:   624656 6abcdfc5e4b315b0cf39c24bc25d9d70
      Size/MD5 checksum:   175532 eca29cd046da9aa464858dbca384c7cf
      Size/MD5 checksum:   123886 b1ecaa64b60ef1c22d021797d89c65cb
      Size/MD5 checksum:   126960 ec83a91f4d88e3f096d3df67804b4bd4
      Size/MD5 checksum:    36912 5fa9c60ee2a9ae39723fc2c73309443d

  Little endian MIPS architecture:
      Size/MD5 checksum:   738864 f2b4fc81f2bd27254f75b1a89388e5a5
      Size/MD5 checksum:  6190204 a8e85569c0ce9ddbc3320e053d01bc26
      Size/MD5 checksum:   105550 79be3c0abf1849b1edea9c98becee7d6
      Size/MD5 checksum:   159036 74036b2dd3ad9bb7dac1df96abd0e0ef
      Size/MD5 checksum:   613442 8f859310a032a7015ca33eb5e0511ce8
      Size/MD5 checksum:   617026 5083aac68798164ebb31993926ecc837
      Size/MD5 checksum:   174776 e9c645136c4a6fcf632124e12a9e941c
      Size/MD5 checksum:   122886 98d39fa8abc9f648a60cf600f95cdf56
      Size/MD5 checksum:   125908 2e7232d46c6d2210d63b7969e449afa2
      Size/MD5 checksum:    36918 2d75ebb93a44f7700ad170e3a2f0beef

  PowerPC architecture:
      Size/MD5 checksum:   740462 a9c96eae0295fed86ab7a4eebe51ccf2
      Size/MD5 checksum:  6727196 66ac2b21cedc54ecbf0e15df94c828f0
      Size/MD5 checksum:   105650 07936a1a6b329e8e00cc15e8dfc7a2c3
      Size/MD5 checksum:   182246 194e561449c20237cf2de877a016bf89
      Size/MD5 checksum:   690944 919dc4b130d8b219ea265f56d027238c
      Size/MD5 checksum:   694152 062f6189956872226fbe06af47a49b5d
      Size/MD5 checksum:   153334 594ed75e7295f687e8920e8521464669
      Size/MD5 checksum:   127288 d22f8143438d036cc435c8861b268880
      Size/MD5 checksum:   130224 2bc4c8da1566c1069d718c99ad1969cf
      Size/MD5 checksum:    36914 6aea832d34e5d870c9ce5f69bc410582

  IBM S/390 architecture:
      Size/MD5 checksum:   741954 35c8f7f427c7d56850477999b2e85681
      Size/MD5 checksum:  6741016 f485d66ae4225321e0689178ae3a21b5
      Size/MD5 checksum:   110190 98b0106936f027db9de58ebc0b8b7fa2
      Size/MD5 checksum:   176680 0ea5268cd0b9dc0906b2eb29fccf29b4
      Size/MD5 checksum:   641892 d1fef637391e5b5c54a145cc5f316f2b
      Size/MD5 checksum:   647062 cd6dd94b873cb6b41173dc731b013e85
      Size/MD5 checksum:   151130 d34e35e46f3b0753adc326a491c19b8f
      Size/MD5 checksum:   129626 bd72b22c6c16da6a89ad570bc0fa0803
      Size/MD5 checksum:   133104 963aed0b662286bb85bcac1e28244ef6
      Size/MD5 checksum:    36916 df4b5fe81af1a603b0144876be0d8046

  Sun Sparc architecture:
      Size/MD5 checksum:   741334 2e5a84a129b56f0d3025c010932fecea
      Size/MD5 checksum:  6592820 2d2050645c78b7c60705910505b162fa
      Size/MD5 checksum:   117450 2998e8fd299ea48da9710be4f3fac3d1
      Size/MD5 checksum:   183998 afdafb1138def7257b72368135f14619
      Size/MD5 checksum:   664618 a00891b3eeedcbd434d8939c261ffc53
      Size/MD5 checksum:   668594 b302d78b3767fc83e2459145e6ded6e9
      Size/MD5 checksum:   151502 da2943b8b5abbbc16f06381f95a55c52
      Size/MD5 checksum:   128404 33a063c7d927e2f0fc1195c991eed1a5
      Size/MD5 checksum:   131126 93ef5d8403ae7c8abb627d14c19b7a45
      Size/MD5 checksum:    36912 2bd96dce7884f7f11b3dd70f48726c89

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.