FKIE_CVE-2002-1393

Vulnerability from fkie_nvd - Published: 2003-01-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104049734911544&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104066520330397&w=2
cve@mitre.orghttp://secunia.com/advisories/8067
cve@mitre.orghttp://secunia.com/advisories/8103
cve@mitre.orghttp://www.debian.org/security/2003/dsa-234
cve@mitre.orghttp://www.debian.org/security/2003/dsa-235
cve@mitre.orghttp://www.debian.org/security/2003/dsa-236
cve@mitre.orghttp://www.debian.org/security/2003/dsa-237
cve@mitre.orghttp://www.debian.org/security/2003/dsa-238
cve@mitre.orghttp://www.debian.org/security/2003/dsa-239
cve@mitre.orghttp://www.debian.org/security/2003/dsa-240
cve@mitre.orghttp://www.debian.org/security/2003/dsa-241
cve@mitre.orghttp://www.debian.org/security/2003/dsa-242
cve@mitre.orghttp://www.debian.org/security/2003/dsa-243Patch, Vendor Advisory
cve@mitre.orghttp://www.kde.org/info/security/advisory-20021220-1.txtPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:004
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-002.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-003.html
cve@mitre.orghttp://www.securityfocus.com/bid/6462
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104049734911544&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104066520330397&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/8067
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/8103
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-234
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-235
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-236
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-237
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-238
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-239
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-240
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-241
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-242
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-243Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kde.org/info/security/advisory-20021220-1.txtPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:004
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-002.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-003.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6462
Impacted products
Vendor Product Version
kde kde 2.0
kde kde 2.0.1
kde kde 2.1
kde kde 2.1.1
kde kde 2.1.2
kde kde 2.2
kde kde 2.2.1
kde kde 2.2.2
kde kde 3.0
kde kde 3.0.1
kde kde 3.0.2
kde kde 3.0.3
kde kde 3.0.3a
kde kde 3.0.4
kde kde 3.0.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6671EEE2-8CEC-41C7-9CF2-23D92A1B3DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F3ACDA-8DB4-4E59-B673-021CEBD03D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5E480F-A87E-4583-BC75-8596206C0895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF4C94E-54BB-44DB-BB7D-841419C4D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B292C704-EDFA-4060-90DF-0A3906DB0AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DBFB51-48EB-41E5-9712-0A5368EE56A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAE9343-7A7F-4CB0-8CEF-52D61BD689C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F531972-E0A7-4E7C-A899-3766CEAAE2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEED379-3111-4451-B782-8C66CE568A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B146FCD3-F6E7-4412-94FD-F9E66089C227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99CB51E4-0BFC-4C7C-B9EE-3DBCB0188D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C629F0C8-C765-4076-B426-80929F9CE285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E107A931-B670-42A8-9F75-EEA0EF3D09B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "671D1461-4AB4-4FB6-977D-733888A1BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E268EFFF-6B28-4C64-B052-AFA3BB1E709F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en KDE 2 y KDE 3.x a 3.0.5 no ponen entre comillas ciertos par\u00e1metros que son insertados en comando de shell, lo que podr\u00eda permitir a atacantes remotos ejecutar comandos arbitrarios mediante URLs, nombres de ficheros o direcciones de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2002-1393",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-01-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000569"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104049734911544\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104066520330397\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8067"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-236"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-237"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-242"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-243"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20021220-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104049734911544\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104066520330397\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20021220-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6462"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.