KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability

admin at kclinux.net
Fri Nov 22 16:13:06 CST 2002


http://www.kde.org/info/security/advisory-20021111-1.txt

"Vulnerabilities were discovered in the KIO subsystem support for various
network protocols. The implementation of the rlogin protocol affects all
KDE versions from 2.1 up to 3.0.4, while the flawed implementation of the
telnet protocol only affects KDE 2.x. They allow a carefully crafted URL in
an HTML page, HTML email, or other KIO-enabled application to execute
arbitrary commands as the victim with their privilege."

"The implementation of the rlogin protocol in all of the affected systems,
and the implementation of the telnet protocol in affected KDE 2 systems,
allows a carefully crafted URL in an HTML page, HTML email or other KIO-
enabled application to execute arbitrary commands on the system using the
victim's account on the vulnerable machine."



