Vulnerability Name:

CVE-2002-1281 (CCN-10602)

Assigned: 2002-11-11
Published: 2002-11-11
Updated: 2016-10-18
Summary: Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CALDERA
Type: UNKNOWN
CSSA-2003-012.0

Source: CCN
Type: SCO Security Advisory CSSA-2003-012.0
Linux: KDE rlogin.protocol and telnet.protocol url kio Vulnerability

Source: CCN
Type: Gentoo Linux Security Announcement 200211-004
rlogin.protocol and telnet.protocol URL KIO Vulnerability resLISa / LISa Vulnerabilities

Source: MITRE
Type: CNA
CVE-2002-1281

Source: BUGTRAQ
Type: UNKNOWN
20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20021114 GLSA: kdelibs

Source: CCN
Type: RHSA-2002-220
Updated KDE packages fix security issues

Source: CCN
Type: SA8298
OpenLinux update to kdelibs

Source: SECUNIA
Type: UNKNOWN
8298

Source: CCN
Type: CIAC Information Bulletin N-020
Red Hat Multiple Vulnerabilities in KDE

Source: DEBIAN
Type: UNKNOWN
DSA-204

Source: DEBIAN
Type: DSA-204
kdelibs -- arbitrary program execution

Source: XF
Type: Vendor Advisory
kde-rlogin-command-execution(10602)

Source: CCN
Type: KDE Web site
Getting KDE

Source: CCN
Type: KDE Security Advisory 2002-11-11
rlogin.protocol and telnet.protocol URL KIO Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20021111-1.txt

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:079

Source: CCN
Type: OSVDB ID: 12996
KDE KIO Subsystem rlogin Arbitrary Remote Command Execution

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:220

Source: BID
Type: Patch, Vendor Advisory
6182

Source: CCN
Type: BID-6182
KDE KIO Subsystem Network Protocol Implementation Arbitrary Command Execution Vulnerability

Source: XF
Type: UNKNOWN
kde-rlogin-command-execution(10602)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:kde:kde:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.0.4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.debian:def:204 | V | arbitrary program execution | 2002-12-05

    kde kde 2.1
    kde kde 2.1.1
    kde kde 2.1.2
    kde kde 2.2
    kde kde 2.2.1
    kde kde 2.2.2
    kde kde 3.0
    kde kde 3.0.1
    kde kde 3.0.2
    kde kde 3.0.3
    kde kde 3.0.4
    redhat linux 7.2
    redhat linux 7.3
    debian debian linux 3.0
    gentoo linux *
    redhat linux 8.0