Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
kopete Update for Mandrake
Posted by philipp on: 05/10/2003 09:20 AM [ Print | 0 comment(s) ]
MandrakeSoft has released an updated kopete package for Mandrake Linux 9.1
A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerabiliy is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.