7.5

CVE-2002-1393

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version2.0
KdeKde Version2.0.1
KdeKde Version2.1
KdeKde Version2.1.1
KdeKde Version2.1.2
KdeKde Version2.2
KdeKde Version2.2.1
KdeKde Version2.2.2
KdeKde Version3.0
KdeKde Version3.0.1
KdeKde Version3.0.2
KdeKde Version3.0.3
KdeKde Version3.0.3a
KdeKde Version3.0.4
KdeKde Version3.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.67% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569
http://marc.info/?l=bugtraq&m=104049734911544&w=2
http://marc.info/?l=bugtraq&m=104066520330397&w=2
http://secunia.com/advisories/8067
http://secunia.com/advisories/8103
http://www.debian.org/security/2003/dsa-234
http://www.debian.org/security/2003/dsa-235
http://www.debian.org/security/2003/dsa-236
http://www.debian.org/security/2003/dsa-237
http://www.debian.org/security/2003/dsa-238
http://www.debian.org/security/2003/dsa-239
http://www.debian.org/security/2003/dsa-240
http://www.debian.org/security/2003/dsa-241
http://www.debian.org/security/2003/dsa-242
http://www.debian.org/security/2003/dsa-243
Patch
Vendor Advisory
http://www.kde.org/info/security/advisory-20021220-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:004
http://www.redhat.com/support/errata/RHSA-2003-002.html
http://www.redhat.com/support/errata/RHSA-2003-003.html
http://www.securityfocus.com/bid/6462