KDE 3.0.x KPF Icon Option File Disclosure Vulnerability

2002-10-11T00:00:00
ID EDB-ID:21934
Type exploitdb
Reporter Ajay R Ramjatan
Modified 2002-10-11T00:00:00

Description

KDE 3.0.x KPF Icon Option File Disclosure Vulnerability. CVE-2002-1224. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/5951/info

A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system.

It has been reported that by passing a malicious file request to kpf, it is possible for a remote attacker to access files outside of the 'shared directory' root. The ability to read files outside of the shared root directory would be dependent upon the privileges of the kpf process. 

http://127.0.0.1:8001/?icon=/usr/local/kde/share/icons/hicolor/32x32/mimetypes/image.png