Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:047: kdelibs Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kdelibs package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:047 (kdelibs).
A vulnerability in the Opera web browser was identified by iDEFENSE
type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI
handlers do not check for '-' at the beginning of the hostname passed, which
makes it possible to pass an option to the programs started by the handlers.
This can allow remote attackers to create or truncate arbitrary files.
The updated packages contain patches provided by the KDE team to fix this
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:047
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.