Kopete Remote Command Execution Vulnerability

2003-06-27T13:45:42
ID OSVDB:2095
Type osvdb
Reporter OSVDB
Modified 2003-06-27T13:45:42

Description

Vulnerability Description

Kopete is a KDE instant messaging system with support for multiple protocols.

A vulnerability in the GnuPG plugin in Kopete versions prior to 0.6.2 allows remote attackers to execute arbitrary commands in the client context by sending it specially crafted messages.

Solution Description

All Kopete users should upgrade. This update includes Kopete 0.6.2, which fixes this vulnerability and adds several other bug fixes. A complete changelog is available on the project's home page.

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/9/RPMS/kopete-0.6.2-27178U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kopete-0.6.2-27178U90_2cl.src.rpm

KDE kopete 0.6.1:
Mandrake Patch kopete-0.6.2-1.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php
Mandrake Patch libkopete1-0.6.2-1.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php
Mandrake Patch kopete-0.6.2-1.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php
Mandrake Patch libkopete1-0.6.2-1.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php

References:

Vendor Specific Advisory URL
Keyword: MDKSA-2003:055
Keyword: CLA-2003:665
ISS X-Force ID: 11969
Generic Informational URL: http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
CVE-2003-0256
Bugtraq ID: 7536