LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

KDE - command parameter quoting problems

Package(s):kde CVE #(s):CAN-2002-1393
Created:December 23, 2002 Updated:February 21, 2003
Description: In some instances, KDE (versions 2 and 3) fails to properly quote parameters of instructions passed to a command shell for execution.

These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges.

See this announcement for more details.

Alerts:
Conectiva CLA-2003:569 2003-02-20
Debian DSA-243-1 2003-01-24
Debian DSA-242-1 2003-01-24
Debian DSA-241-1 2003-01-24
Debian DSA-239-1 2003-01-23
Debian DSA-240-1 2003-01-23
Debian DSA-237-1 2003-01-22
Debian DSA-238-1 2003-01-23
Debian DSA-236-1 2003-01-22
Debian DSA-235-1 2003-01-22
Debian DSA-234-1 2003-01-22
Gentoo 200301-11 2003-01-18
Mandrake MDKSA-2003:004-1 2003-01-17
Mandrake MDKSA-2003:004 2003-01-13
Gentoo 200212-9 2002-12-22
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds