--------------------------------------------------------------------------
Debian Security Advisory DSA 631-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 10th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : kdelibs
Vulnerability  : unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1165
BugTraq ID     : 11827
Debian Bug     : 287201

Thiago Macieira discovered a vulnerability in the kioslave library,
which is part of kdelibs, which allows a remote attacker to execute
arbitrary FTP commands via an ftp:// URL that contains an URL-encoded
newline before the FTP command.
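
Added example (not part of the advisory and not the kdelibs fix): a sketch of
the flaw class described above and of the check that closes it. The host name,
sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample URLs (not taken from the advisory).
BENIGN = "ftp://ftp.example.org/pub/README"
CRAFTED = "ftp://ftp.example.org/pub/README%0D%0ANOOP"


def naive_commands(url):
    """Unsafe pattern: decode the path and paste it into a command line."""
    path = unquote(urlsplit(url).path)
    wire = "RETR " + path + "\r\n"
    # Each CRLF-terminated line is parsed by the server as its own command.
    return [line for line in wire.split("\r\n") if line]


def checked_commands(url):
    """Hardened pattern: validate every decoded component before use."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp:// URL")
    fields = {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "path": unquote(parts.path),
    }
    for name, value in fields.items():
        # Check after decoding: %0A, %0D and other controls only appear then.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError("control character in decoded " + name)
    return ["RETR " + fields["path"]]


if __name__ == "__main__":
    print(naive_commands(CRAFTED))   # one URL, two command lines
    try:
        checked_commands(CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The check has to run on the decoded value; filtering the raw URL string for
newlines misses the percent-encoded form.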

For the stable distribution (woody) this problem has been fixed in
version 2.2.2-13.woody.13.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your kdelibs3 package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:


  Architecture independent components:


  Alpha architecture:


  ARM architecture:


  Intel IA-32 architecture:


  Intel IA-64 architecture:


  HP Precision architecture:


  Motorola 680x0 architecture:


  Big endian MIPS architecture:


  Little endian MIPS architecture:


  PowerPC architecture:


  IBM S/390 architecture:


  Sun Sparc architecture:



  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
