Detections
Analytics
Mandrake Linux Security Advisory : kdepim (MDKSA-2004:003)
high Nessus Plugin ID 14103
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files;however this is disabled by default.
The provided packages contain a patch from the KDE team to correct this problem.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 14103
File Name: mandrake_MDKSA-2004-003.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:kdepim, p-cpe:/a:mandriva:linux:kdepim-common, p-cpe:/a:mandriva:linux:kdepim-devel, p-cpe:/a:mandriva:linux:kdepim-kaddressbook, p-cpe:/a:mandriva:linux:kdepim-karm, p-cpe:/a:mandriva:linux:kdepim-knotes, p-cpe:/a:mandriva:linux:kdepim-korganizer, p-cpe:/a:mandriva:linux:kdepim-kpilot, p-cpe:/a:mandriva:linux:lib64kdepim2-common, p-cpe:/a:mandriva:linux:lib64kdepim2-common-devel, p-cpe:/a:mandriva:linux:lib64kdepim2-korganizer, p-cpe:/a:mandriva:linux:lib64kdepim2-korganizer-devel, p-cpe:/a:mandriva:linux:lib64kdepim2-kpilot, p-cpe:/a:mandriva:linux:lib64kdepim2-kpilot-devel, p-cpe:/a:mandriva:linux:libkdepim2-common, p-cpe:/a:mandriva:linux:libkdepim2-common-devel, p-cpe:/a:mandriva:linux:libkdepim2-korganizer, p-cpe:/a:mandriva:linux:libkdepim2-korganizer-devel, p-cpe:/a:mandriva:linux:libkdepim2-kpilot, p-cpe:/a:mandriva:linux:libkdepim2-kpilot-devel, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/14/2004
Reference Information
CVE: CVE-2003-0988
MDKSA: 2004:003