• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE KIO Subsystem Network Protocol Implementation Arbitrary Command Execution Vulnerability

Reportedly, the implementation of the rlogin and telnet protocols, by KDE's KIO subsystem, are prone to a remote command execution vulnerability.

An attacker can exploit this vulnerability by using a carefully crafted URL in a KIO-enabled application to execute arbitrary commands on the vulnerable system. Any commands executed in this manner will be executed on the victim user's account with the privileges of the victim user.

This vulnerability can also be exploited by using a carefully crafted URL in a HTML page or in a HTML email.