CVE-2002-1393
CVSS 7.5
Published: 2003-01-17 00:00:00
Last revised: 2016-10-17 22:26:45

[Original] Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.


[CNNVD] KDE Parameter Quoting Shell Command Remote Execution Vulnerability (CNNVD-200301-035)

        
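        KDE is a free, open source X desktop manager designed for Unix and Linux operating systems.
        KDE handles certain types of input insecurely and does not correctly quote command parameters passed to the command-line shell. A remote attacker can exploit this vulnerability to execute arbitrary commands with the privileges of the user's process.
        Under some circumstances, KDE does not correctly quote command parameters passed to the shell for execution. These parameters can contain mixed data such as URLs, filenames and e-mail addresses, and this data can be delivered by sending e-mail to a remote user, by luring the user into opening a web page, or through files on network file systems or other untrusted sources.
        By carefully constructing this data, an attacker can execute arbitrary commands on the system with the privileges of the target user.
        The KDE project is currently not aware of any exploit code for this vulnerability.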
        

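- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)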

cpe:/o:kde:kde:2.0
cpe:/o:kde:kde:2.1
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:2.2
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:2.1.2
cpe:/o:kde:kde:2.2.1
cpe:/o:kde:kde:2.1.1
cpe:/o:kde:kde:2.0.1
cpe:/o:kde:kde:3.0.3a
cpe:/o:kde:kde:2.2.2
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.0.5

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1393
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1393
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200301-035
(Official data source) CNNVD

- Other Links and Resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569
(UNKNOWN)  CONECTIVA  CLA-2003:569
http://marc.info/?l=bugtraq&m=104049734911544&w=2
(UNKNOWN)  BUGTRAQ  20021221 KDE Security Advisory: Multiple vulnerabilities in KDE
http://marc.info/?l=bugtraq&m=104066520330397&w=2
(UNKNOWN)  BUGTRAQ  20021222 GLSA: kde-3.0.x
http://www.debian.org/security/2003/dsa-234
(UNKNOWN)  DEBIAN  DSA-234
http://www.debian.org/security/2003/dsa-235
(UNKNOWN)  DEBIAN  DSA-235
http://www.debian.org/security/2003/dsa-236
(UNKNOWN)  DEBIAN  DSA-236
http://www.debian.org/security/2003/dsa-237
(UNKNOWN)  DEBIAN  DSA-237
http://www.debian.org/security/2003/dsa-238
(UNKNOWN)  DEBIAN  DSA-238
http://www.debian.org/security/2003/dsa-239
(UNKNOWN)  DEBIAN  DSA-239
http://www.debian.org/security/2003/dsa-240
(UNKNOWN)  DEBIAN  DSA-240
http://www.debian.org/security/2003/dsa-241
(UNKNOWN)  DEBIAN  DSA-241
http://www.debian.org/security/2003/dsa-242
(UNKNOWN)  DEBIAN  DSA-242
http://www.debian.org/security/2003/dsa-243
(VENDOR_ADVISORY)  DEBIAN  DSA-243
http://www.kde.org/info/security/advisory-20021220-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20021220-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2003:004
(UNKNOWN)  MANDRAKE  MDKSA-2003:004
http://www.redhat.com/support/errata/RHSA-2003-002.html
(UNKNOWN)  REDHAT  RHSA-2003:002
http://www.redhat.com/support/errata/RHSA-2003-003.html
(UNKNOWN)  REDHAT  RHSA-2003:003
http://www.securityfocus.com/bid/6462
(UNKNOWN)  BID  6462

- Vulnerability Information

KDE Parameter Quoting Shell Command Remote Execution Vulnerability
High risk  Design error
2003-01-17 00:00:00 2005-10-20 00:00:00
Remote
        
        

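- Advisories and Patches

        Vendor patches:
        KDE
        ---
        KDE has released a security advisory (KDE-20021220-1) and corresponding patches for this issue:
        KDE-20021220-1: Multiple vulnerabilities in KDE
        Link:
        http://www.kde.org/info/security/advisory-20021220-1.txt

        For KDE 3.0 systems, KDE recommends that users upgrade KDE to version 3.0.5a:

        http://download.kde.org/stable/3.0.5a/

        For KDE 2 systems, download the patches; if you need binaries, contact your OS vendor:
        ftp://ftp.kde.org/pub/kde/security_patches/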
        MD5SUM PATCH
        522331e2b47f84956eb2df1fcf89ba17 post-2.2.2-kdebase.diff
        0dbd747882b942465646efe0ba6af802 post-2.2.2-kdegames.diff
        4b9c93acd452d1de2f4f0bca5b05593f post-2.2.2-kdegraphics.diff
        93a12594d0fb48c7b50bfd4a10a9935d post-2.2.2-kdelibs.diff
        d1d25b39ee98e340ac3730f7afe54f0c post-2.2.2-kdemultimedia.diff
        59ac7be4995bed8b119a4e5882e54cff post-2.2.2-kdenetwork.diff
        0a3ae9eeeceefb2f631a26ec787663a9 post-2.2.2-kdepim.diff
        690c7fdab1bbc743eafac9b06997a03b post-2.2.2-kdesdk.diff
        8174e328f47e18a8a52b13b34f5c54e5 post-2.2.2-kdeutils.diff

- Vulnerability Information

13000
KDE Incorrect Parameter Quoting Arbitrary Command Execution

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-12-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

KDE Parameter Quoting Shell Command Execution Vulnerability
Design Error 6462
Yes No
2002-12-22 12:00:00 2009-07-11 07:17:00
Vulnerability announced in a KDE Security Advisory.

- Affected Software Versions

KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
KDE KDE 2.2.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
KDE KDE 2.2
KDE KDE 2.1.2
+ Conectiva Linux 7.0
KDE KDE 2.1.1
KDE KDE 2.1
KDE KDE 2.0.1
+ Conectiva Linux 6.0
KDE KDE 2.0
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386

- Unaffected Software Versions

KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386

- Discussion

KDE is a freely available, open source X Desktop Manager. It has application features to make systems user-friendly, and is designed for Unix and Linux operating systems.

It has been discovered that KDE insecurely handles some types of input. Under some circumstances, KDE does not properly quote parameters of commands passed to the command shell. By creating a custom, malicious string in an attacker-controlled medium of delivery, it would be possible to execute commands with the privileges of the user receiving the malicious string.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Red Hat has released a security advisory (RHSA-2003:002-01), which addresses the issue. Please see the attached advisory for details on obtaining fixes.

Gentoo Linux has released an advisory. Users who have installed kde-base/kde-3.0.4 and earlier are advised to upgrade their systems by issuing the following commands:

emerge rsync
emerge kde
emerge clean

Gentoo Linux has released a new advisory. Users who have installed kde-base/kde-2.2.x are advised to upgrade their systems to kde*-2.2.2-{r1,r2,r4} by issuing the following commands:

emerge sync
emerge -u \=kde-base/kde-2.2*
emerge clean

Debian has released advisories (DSA 234-1, DSA 235-1, DSA 236-1, DSA 237-1, DSA 238-1, DSA 239-1, DSA 240-1, DSA 241-1, DSA 242-1, DSA 243-1) which address this issue.

Debian users using the apt-get package manager are advised to upgrade their systems by issuing the following commands:
apt-get update or
apt-get upgrade

Please see the attached Debian advisories for details on obtaining and applying fixes.

Conectiva has released a security advisory (CLA-2003:569) which addresses the issue. Please see the attached advisory for details on obtaining fixes.

Fixes have been made available by the vendor. See attached reference.

Sun has released updates for Sun Linux 5.0.5.

Fixes available:


KDE KDE 2.2.2
