Vulnerabilities > CVE-2003-0256 - Unspecified vulnerability in KDE Kopete 0.6.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2003-055.NASL |
| description | A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerability is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14039 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14039 |
| title | Mandrake Linux Security Advisory : kopete (MDKSA-2003:055) |