|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-18] KDE FTP KIOslave: Command injection Vulnerability Scan
Vulnerability Scan Summary
KDE FTP KIOslave: Command injection
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-18
(KDE FTP KIOslave: Command injection)
The FTP KIOslave fails to properly parse URL-encoded newline
characters.
Impact
A possible hacker could exploit this to execute arbitrary FTP commands on the
server and due to similiarities between the FTP and the SMTP protocol,
this vulnerability also allows a possible hacker to connect to a SMTP server
and issue arbitrary commands, for example sending an email.
Workaround
There is no known workaround at this time.
References:
http://www.kde.org/info/security/advisory-20050101-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1165
Solution:
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
