Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:003: kdepim Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kdepim package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:003 (kdepim).
A vulnerability was discovered in all versions of kdepim as distributed with KDE
versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted
.VCF file to potentially enable a local attacker to compromise the privacy of a
victim's data or execute arbitrary commands with the victim's rights. This
can also be used by remote attackers if the victim enables previews for remote
however this is disabled by default.
The provided packages contain a patch from the KDE team to correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:003
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.