Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-18] KDE FTP KIOslave: Command injection Vulnerability Scan
Vulnerability Scan Summary
KDE FTP KIOslave: Command injection
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-18
(KDE FTP KIOslave: Command injection)
The FTP KIOslave fails to properly parse URL-encoded newline
A possible hacker could exploit this to execute arbitrary FTP commands on the
server and due to similiarities between the FTP and the SMTP protocol,
this vulnerability also allows a possible hacker to connect to a SMTP server
and issue arbitrary commands, for example sending an email.
There is no known workaround at this time.
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.