CVE-2002-1393

Name: CVE-2002-1393
Description: Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-234, DSA-235, DSA-236, DSA-237, DSA-238, DSA-239, DSA-240, DSA-241, DSA-242, DSA-243
NVD severity: high (attack range: remote)
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| kdeadmin (PTS) | squeeze | 4:4.4.5-4 | fixed |
| | wheezy | 4:4.8.4-3 | fixed |
| kdebase (PTS) | squeeze | 4:4.4.5-2 | fixed |
| kdegames (PTS) | squeeze | 4:4.4.5-1 | fixed |
| | wheezy | 4:4.8.4-3 | fixed |
| kdegraphics (PTS) | squeeze | 4:4.4.5-2 | fixed |
| kdelibs (PTS) | squeeze | 4:3.5.10.dfsg.1-5 | fixed |
| kdemultimedia (PTS) | squeeze | 4:4.4.5-1 | fixed |
| | wheezy | 4:4.8.4-2 | fixed |
| kdenetwork (PTS) | squeeze | 4:4.4.5-2+squeeze1 | fixed |
| | wheezy | 4:4.8.4-1 | fixed |
| kdepim (PTS) | squeeze | 4:4.4.7-3 | fixed |
| | wheezy | 4:4.4.11.1+l10n-3 | fixed |
| | jessie | 4:4.14.1-1 | fixed |
| | sid | 4:4.14.2-2 | fixed |
| kdesdk (PTS) | squeeze | 4:4.4.5-1 | fixed |
| | wheezy | 4:4.8.4+dfsg-1 | fixed |
| kdeutils (PTS) | squeeze | 4:4.4.5-1+squeeze1 | fixed |

The information below is based on the following data on fixed versions.

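| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kdeadmin | source | (unstable) | 4:3.0.5a | high | | |
| kdeadmin | source | woody | 2.2.2-7.2 | high | DSA-234 | |
| kdebase | source | (unstable) | 4:3.0.5a | high | | |
| kdebase | source | woody | 2.2.2-14.2 | high | DSA-242 | |
| kdegames | source | (unstable) | 4:3.0.5a | high | | |
| kdegames | source | woody | 2.2.2-2.2 | high | DSA-240 | |
| kdegraphics | source | (unstable) | 4:3.0.5a | high | | |
| kdegraphics | source | woody | 2.2.2-6.10 | high | DSA-235 | |
| kdelibs | source | (unstable) | 4:3.0.5a | high | | |
| kdelibs | source | woody | 2.2.2-13.woody.6 | high | DSA-236 | |
| kdemultimedia | source | (unstable) | 4:3.0.5a | high | | |
| kdemultimedia | source | woody | 2.2.2-8.2 | high | DSA-243 | |
| kdenetwork | source | (unstable) | 4:3.0.5a | high | | |
| kdenetwork | source | woody | 2.2.2-14.6 | high | DSA-237 | |
| kdepim | source | (unstable) | 4:3.0.5a | high | | |
| kdepim | source | woody | 2.2.2-5.2 | high | DSA-238 | |
| kdesdk | source | (unstable) | 4:3.0.5a | high | | |
| kdesdk | source | woody | 2.2.2-3.2 | high | DSA-239 | |
| kdeutils | source | (unstable) | 4:3.0.5a | high | | |
| kdeutils | source | woody | 2.2.2-9.2 | high | DSA-241 | |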
