FreeBSD Ports: Ja-kdelibs, Kdelibs Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.kde.org/info/security/advisory-20050101-1.txt http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681 http://marc.theaimsgroup.com/?l=full-disclosure&m=110387390226693 http://marc.theaimsgroup.com/?l=full-disclosure&m=110390734925183 http://www.vuxml.org/freebsd/832e9d75-5bfc-11d9-a9e7-0001020eed82.html

Insight

The following packages are affected: ja-kdelibs kdelibs CVE-2004-1165 Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ('%0a') before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Severity

Classification

CVE CVE-2004-1165

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: cdrdao
FreeBSD Ports: cdf3
FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
FreeBSD Ports: apache
FreeBSD Ports: chromium

FreeBSD Ports: ja-kdelibs, kdelibs

Take action and discover your vulnerabilities