aru Posted January 15, 2004 Report Share Posted January 15, 2004 MandrakeSoft Security Advisory MDKSA-2004:003 : kdepim January 14th, 2004 Updated kdepim packages fix vulnerability A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files; however this is disabled by default. The provided packages contain a patch from the KDE team to correct this problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:003 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0988 Posted automatically by aru (mdksec2mub v0.0.7) Link to comment Share on other sites More sharing options...
Recommended Posts