Gentoo: kopte arbitrary code execution vulnerability
Posted by LinuxSecurity.com Team   
Gentoo The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-03
- - - ---------------------------------------------------------------------

          PACKAGE : kopete
          SUMMARY : Unsafe command line cleansing
             DATE : 2003-05-14 07:39 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =kopete-0.6.2
              CVE : CAN-2003-0256

- - - ---------------------------------------------------------------------

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the 
command line when executing gpg, which allows remote attackers to 
execute arbitrary commands.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-im/kopete upgrade to kopete-0.6.2 as follows:

emerge sync
emerge kopete
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------