PT-2004-1057 · Kde+1 · Kdebase-Devel+3

Published: 2004-12-10 · Updated: 2017-10-11 · CVE-2004-1165

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Konqueror version 3.3.1; kdebase-devel versions 2.2.2 through 3.1.3; kdebase versions 2.2.2 through 3.1.3
Description: Multiple vulnerabilities in the affected packages allow a remote attacker to execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of protected information. For example, in Konqueror an ftp:// URL containing a URL-encoded newline ("%0a") before an FTP command causes that command to be inserted into the resulting FTP session.
Recommendations: For Konqueror version 3.3.1, consider disabling the handling of ftp:// URLs until a patch is available. For kdebase-devel versions 2.2.2 through 3.1.3, restrict access to sensitive information and functions to minimize the risk of exploitation. For kdebase versions 2.2.2 through 3.1.3, avoid using the potentially vulnerable components or functions until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
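As an added defensive example (not part of this advisory or of the KDE code base), the following Python refuses ftp:// URLs whose percent-decoded user, password or path would carry a line break onto the FTP control channel, the injection vector described above; the hostnames and sample URLs are constructed.

```python
"""Reject ftp:// URLs that smuggle CR/LF into the FTP control channel.

Added example, not advisory or project code: a browser or proxy that
dispatches ftp:// URLs can run this check before opening the session.
"""
from urllib.parse import urlsplit, unquote

# Characters that end an FTP command line and let a new command begin.
_LINE_BREAKS = ("\r", "\n")


def ftp_url_components(url: str) -> dict:
    """Split an ftp:// URL and percent-decode the parts that are sent as
    FTP commands (USER, PASS and the path used with CWD/RETR)."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        raise ValueError("not an ftp:// URL")
    return {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "path": unquote(parts.path),
    }


def is_crlf_safe(url: str) -> bool:
    """True only if no decoded component contains CR or LF."""
    for value in ftp_url_components(url).values():
        if any(ch in value for ch in _LINE_BREAKS):
            return False
    return True


def triage(url: str) -> str:
    """Classify a URL for logging or alerting: 'ok', 'blocked' or 'not-ftp'."""
    try:
        return "ok" if is_crlf_safe(url) else "blocked"
    except ValueError:
        return "not-ftp"


if __name__ == "__main__":
    # Constructed samples; the second embeds the encoded newline ("%0a")
    # pattern the advisory describes, the third hides CRLF in the user name.
    samples = [
        "ftp://ftp.example.test/pub/README",
        "ftp://ftp.example.test/pub/%0aINJECTED-COMMAND",
        "ftp://user%0d%0aPASS:x@ftp.example.test/",
        "http://www.example.test/",
    ]
    for sample in samples:
        print(f"{triage(sample):8} {sample}")
```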

Exploit: Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2015-06209
BDU:2015-06210
BDU:2015-06211
BDU:2015-06212
CVE-2004-1165
DSA-631-1
RHSA-2005:009
RHSA-2005:065
RHSA-2005_009
RHSA-2005_065

Affected products

Konqueror
Red Hat
Kdebase
Kdebase-Devel