CVE-2002-1393

NameCVE-2002-1393
DescriptionMultiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-234, DSA-235, DSA-236, DSA-237, DSA-238, DSA-239, DSA-240, DSA-241, DSA-242, DSA-243

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kdepim (PTS)jessie, jessie (lts)4:4.14.1-1+deb8u2fixed
stretch4:16.04.3-4~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdeadminsourcewoody2.2.2-7.2DSA-234
kdeadminsource(unstable)4:3.0.5a
kdebasesourcewoody2.2.2-14.2DSA-242
kdebasesource(unstable)4:3.0.5a
kdegamessourcewoody2.2.2-2.2DSA-240
kdegamessource(unstable)4:3.0.5a
kdegraphicssourcewoody2.2.2-6.10DSA-235
kdegraphicssource(unstable)4:3.0.5a
kdelibssourcewoody2.2.2-13.woody.6DSA-236
kdelibssource(unstable)4:3.0.5a
kdemultimediasourcewoody2.2.2-8.2DSA-243
kdemultimediasource(unstable)4:3.0.5a
kdenetworksourcewoody2.2.2-14.6DSA-237
kdenetworksource(unstable)4:3.0.5a
kdepimsourcewoody2.2.2-5.2DSA-238
kdepimsource(unstable)4:3.0.5a
kdesdksourcewoody2.2.2-3.2DSA-239
kdesdksource(unstable)4:3.0.5a
kdeutilssourcewoody2.2.2-9.2DSA-241
kdeutilssource(unstable)4:3.0.5a

Search for package or bug name: Reporting problems