Mandrake Linux Security Advisory : kopete (MDKSA-2003:055)

high Nessus Plugin ID 14039

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. The vulnerability is in the GnuPG plugin, which lets users send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg but does not sanitize the command line it passes to gpg. This can allow remote users to execute arbitrary code on the local system with the permissions of the user running kopete.

Solution

Update the affected kopete and/or libkopete1 packages.

See Also

http://www.nessus.org/u?8641695a

Plugin Details

Severity: High

ID: 14039

File Name: mandrake_MDKSA-2003-055.nasl

Version: 1.21

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kopete, p-cpe:/a:mandriva:linux:libkopete1, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/8/2003

Reference Information

CVE: CVE-2003-0256

MDKSA: 2003:055