CVE-2002-1393

Name	CVE-2002-1393
Description	Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-234, DSA-235, DSA-236, DSA-237, DSA-238, DSA-239, DSA-240, DSA-241, DSA-242, DSA-243

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
kdepim (PTS)	jessie, jessie (lts)	4:4.14.1-1+deb8u2	fixed
	stretch	4:16.04.3-4~deb9u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
kdeadmin	source	woody	2.2.2-7.2	DSA-234
kdeadmin	source	(unstable)	4:3.0.5a
kdebase	source	woody	2.2.2-14.2	DSA-242
kdebase	source	(unstable)	4:3.0.5a
kdegames	source	woody	2.2.2-2.2	DSA-240
kdegames	source	(unstable)	4:3.0.5a
kdegraphics	source	woody	2.2.2-6.10	DSA-235
kdegraphics	source	(unstable)	4:3.0.5a
kdelibs	source	woody	2.2.2-13.woody.6	DSA-236
kdelibs	source	(unstable)	4:3.0.5a
kdemultimedia	source	woody	2.2.2-8.2	DSA-243
kdemultimedia	source	(unstable)	4:3.0.5a
kdenetwork	source	woody	2.2.2-14.6	DSA-237
kdenetwork	source	(unstable)	4:3.0.5a
kdepim	source	woody	2.2.2-5.2	DSA-238
kdepim	source	(unstable)	4:3.0.5a
kdesdk	source	woody	2.2.2-3.2	DSA-239
kdesdk	source	(unstable)	4:3.0.5a
kdeutils	source	woody	2.2.2-9.2	DSA-241
kdeutils	source	(unstable)	4:3.0.5a