KDE 3.0.x KPF Icon Option File Disclosure Vulnerability

2014-07-01T00:00:00
ID SSV:75749
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/5951/info

A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system.

It has been reported that by passing a malicious file request to kpf, it is possible for a remote attacker to access files outside of the 'shared directory' root. The ability to read files outside of the shared root directory would be dependent upon the privileges of the kpf process. 

http://127.0.0.1:8001/?icon=/usr/local/kde/share/icons/hicolor/32x32/mimetypes/image.png