kopete: vulnerabiliy in GnuPG plugin
| Package(s): | kopete |
CVE #(s): | CAN-2003-0256
|
| Created: | May 8, 2003 |
Updated: | June 27, 2003 |
| Description: |
A vulnerability was discovered in versions of kopete
prior to 0.6.2. Kopete is a KDE instant messenger client. This
vulnerabiliy is in the GnuPG plugin that allows for users to send each
other GPG-encrypted instant messages. The plugin passes encrypted messages
to gpg, but does no checking to sanitize the commandline passed to gpg.
This can allow remote users to execute arbitrary code, with the permissions
of the user running kopete, on the local system. |
| Alerts: |
|
