Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-005: kdepim Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kdepim packages
Detailed Explanation for this Vulnerability Test
Updated kdepim packages are now available that fix a local buffer overflow
The K Desktop Environment (KDE) is a graphical desktop for the X Window
System. The KDE Personal Information Management (kdepim) suite helps you to
organize your mail, tasks, appointments, and contacts.
The KDE team found a buffer overflow in the file information reader of
VCF files. A possible hacker could construct a VCF file so that when it was
opened by a victim it would execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2003-0988 to this issue.
Users of kdepim are advised to upgrade to these erratum packages which
contain a backported security patch that corrects this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-005.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.