KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability

KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability

Solution:
Mandrake Linux has released an advisory (MDKSA-2004:160) dealing with this issue. Mandrake has also released an additional advisory to address this issue (MDKSA-2005:045). Please see the referenced advisories for more information.

Debian has released advisory DSA 631-1 to provide updates for kdelibs. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose kde-base/kdelibs

KDE has released patches for KDE 3.2.3 and 3.3.2.

Fedora has released advisories FEDORA-2005-063 and FEDORA-2005-064 for Fedora Core 2 and 3. These advisories contain updated kdelibs packages. Please see the referenced advisories for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Red Hat has released advisory RHSA-2005:009-19 to address issues in KDE. Please see the advisory in Web references for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.

SGI ProPack 3.0

SGI Patch10144
http://support.sgi.com/

KDE KDE 3.1.1

SuSE kdebase3-3.1.1-166.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kdebase3-3.1.1-16 6.i586.rpm

SuSE kdelibs3-3.1.1-151.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kdelibs3-3.1.1-15 1.i586.rpm

KDE KDE 3.1.4

SuSE kdebase3-3.1.4-80.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kdebase3-3.1.4-80 .i586.rpm

SuSE kdebase3-3.1.4-80.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kdebase3-3.1. 4-80.x86_64.rpm

SuSE kdelibs3-3.1.4-58.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kdelibs3-3.1.4-58 .i586.rpm

SuSE kdelibs3-3.1.4-58.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kdelibs3-3.1. 4-58.x86_64.rpm

KDE KDE 3.2

Mandrake kdelibs-common-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.8.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.8.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.8.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.8.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.8.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.8.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.2.1

SuSE kdebase3-3.2.1-68.36.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdebase3-3.2.1-68 .36.i586.rpm

SuSE kdelibs3-3.2.1-44.39.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44 .39.i586.rpm

KDE KDE 3.2.2

Fedora kdelibs-3.2.2-12.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-3.2.2-12.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-debuginfo-3.2.2-12.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-debuginfo-3.2.2-12.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-devel-3.2.2-12.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-devel-3.2.2-12.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

KDE Konqueror 3.2.3

KDE post-3.2.3-kdelibs-kioslave.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kioslave .patch

KDE KDE 3.2.3

KDE post-3.2.3-kdelibs-kioslave.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kioslave .patch

Mandrake kdelibs-common-3.2.3-100.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2.3-100.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2.3-103.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2.3-103.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2.3-100.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2.3-103.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2.3-100.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2.3-103.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2.3-100.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2.3-103.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2.3-103.1.101mdk.i586.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2.3-100.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2.3-103.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.3

Fedora kdelibs-3.3.1-2.6.FC3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdelibs-3.3.1-2.6.FC3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdelibs-debuginfo-3.3.1-2.6.FC3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdelibs-debuginfo-3.3.1-2.6.FC3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdelibs-devel-3.3.1-2.6.FC3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdelibs-devel-3.3.1-2.6.FC3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SuSE kdebase3-3.2.1-68.36.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdebase3-3.2. 1-68.36.x86_64.rpm

SuSE kdebase3-3.3.0-29.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdebase3-3.3.0-29 .3.i586.rpm

SuSE kdebase3-3.3.0-29.3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdebase3-3.3. 0-29.3.x86_64.rpm

SuSE kdebase3-32bit-9.2-200501241627.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdebase3-32bi t-9.2-200501241627.x86_64.rpm

SuSE kdelibs3-3.2.1-44.39.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-3.2. 1-44.39.x86_64.rpm

SuSE kdelibs3-3.3.0-34.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-3.3.0-34 .3.i586.rpm

SuSE kdelibs3-3.3.0-34.3.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdelibs3-3.3. 0-34.3.x86_64.rpm

SuSE kdelibs3-32bit-9.2-200501241627.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdelibs3-32bi t-9.2-200501241627.x86_64.rpm

KDE KDE 3.3.2

KDE post-3.3.2-kdelibs-kioslave.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdelibs-kioslave .patch

KDE Konqueror 3.3.2

KDE post-3.3.2-kdelibs-kioslave.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdelibs-kioslave .patch