CVE-2002-1393

Name of the Vulnerable Software and Affected Versions KDE versions 2.2.2 through 3.0.5 kde-i18n-Japanese-2.2.2 version 2.2.2 kdemultimedia-2.2.2 version 2.2.2 lskat version (affected versions not specified) artsbuilder version (affected versions not specified) kde-i18n-Spanish-2.2.2 version 2.2.2 kde-i18n-German-2.2.2 version 2.2.2 kde-i18n-Chinese-2.2.2 version 2.2.2 kde-i18n-Korean-2.2.2 version 2.2.2 kde-i18n-Bulgarian-2.2.2 version 2.2.2 kdesdk version (affected versions not specified) kdevelop-2.0.2 version 2.0.2 kde-i18n-Xhosa-2.2.2 version 2.2.2 kdenetwork-2.2.2 version 2.2.2 libarts-mpeglib version (affected versions not specified) kdeadmin-2.2.2 version 2.2.2 poxml version (affected versions not specified) kde-i18n-Turkish-2.2.2 version 2.2.2 kde-i18n-2.2.2 version 2.2.2 kdepim-dev version (affected versions not specified) kde-i18n-Ukrainian-2.2.2 version 2.2.2 kde-i18n-Maltese-2.2.2 version 2.2.2 kde-i18n-Finnish-2.2.2 version 2.2.2 kde-i18n-Italian-2.2.2 version 2.2.2 kde-i18n-Hungarian-2.2.2 version 2.2.2 kde-i18n-Slovak-2.2.2 version 2.2.2 kde-i18n-Lithuanian-2.2.2 version 2.2.2 kde-i18n-Portuguese-2.2.2 version 2.2.2 kde-i18n-Afrikaans-2.2.2 version 2.2.2 kdepim-2.2.2 version 2.2.2 kde-i18n-Dutch-2.2.2 version 2.2.2 kde-i18n-Norwegian-2.2.2 version 2.2.2 kde-i18n-Norwegian-Nynorsk-2.2.2 version 2.2.2 kdepalettes version (affected versions not specified) kde-i18n-Icelandic-2.2.2 version 2.2.2 kde-i18n-British-2.2.2 version 2.2.2 kdesupport-2.2 version 2.2 kde-i18n-Tamil-2.2.2 version 2.2.2 kde-i18n-Romanian-2.2.2 version 2.2.2 kdepim-libs version (affected versions not specified) kde-i18n-Slovenian-2.2.2 version 2.2.2 kde-i18n-Danish-2.2.2 version 2.2.2 kde-i18n-Hebrew-2.2.2 version 2.2.2 kdf version (affected versions not specified) klpq version (affected versions not specified) klprfax version (affected versions not specified) kde-i18n-Thai-2.2.2 version 2.2.2 kde-i18n-Greek-2.2.2 version 2.2.2 kdemultimedia-dev version (affected versions not specified) kdeutils-2.2.2 version 2.2.2 kde-i18n-Polish-2.2.2 version 2.2.2 kde-i18n-Czech-2.2.2 version 2.2.2 kde-i18n-Serbian-2.2.2 version 2.2.2 kde-i18n-Brazil-2.2.2 version 2.2.2 kdesdk-2.2.2 version 2.2.2 kde-i18n-Russian-2.2.2 version 2.2.2 kde-i18n-French-2.2.2 version 2.2.2 kde-i18n-Esperanto-2.2.2 version 2.2.2 kdesdk-doc version (affected versions not specified) khexedit version (affected versions not specified) kdecarddecks version (affected versions not specified) kdegraphics-2.2.2 version 2.2.2 kde-i18n-Swedish-2.2.2 version 2.2.2 kde-i18n-Estonian-2.2.2 version 2.2.2 kdebindings-2.2.2 version 2.2.2 kuser version (affected versions not specified)

Description Multiple vulnerabilities have been discovered in various KDE packages, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by the failure to quote certain parameters that are inserted into a shell command, allowing remote attackers to execute arbitrary commands via URLs, filenames, or e-mail addresses.

Recommendations For KDE versions 2.2.2 through 3.0.5, update to a version later than 3.0.5. For kde-i18n-Japanese-2.2.2 version 2.2.2, update to a version later than 2.2.2. For kdemultimedia-2.2.2 version 2.2.2, update to a version later than 2.2.2. For lskat, artsbuilder, kdesdk, kdevelop-2.0.2, kdenetwork-2.2.2, libarts-mpeglib, kdeadmin-2.2.2, poxml, kdepim-dev, kdepim-libs, kdf, klpq, klprfax, kdemultimedia-dev, kdeutils-2.2.2, kdesdk-doc, khexedit, kdecarddecks, and kuser, update to the latest version available. For all other affected packages, update to a version later than the specified version. As a temporary workaround, consider disabling the execution of shell commands with unquoted parameters until a patch is available.