From: Dirk Mueller (mueller_at_kde.org)
Date: Wed Oct 09 2002 - 16:51:15 CDT
-----BEGIN PGP SIGNED MESSAGE-----
KDE Security Advisory: kpf Directory traversal
Original Release Date: 2002-10-08
1. Systems affected:
kpf of any KDE release between KDE 3.0.1 and KDE 3.0.3a.
kpf is a file sharing utility that can be docked into the
KDE kicker bar. It uses a subset of the HTTP protocol internally
and acts much like a web server.
A feature added in KDE 3.0.1 accidentally allowed retrieving any
file, not limited to the configured shared directory, if it is
readable by the user kpf runs under.
Files not stored in the shared directory were remotely
The vulnerable feature has been removed.
Apply the patch listed in section 5 to kdenetwork/kpf, or update
to KDE 3.0.4.
kdenetwork-3.0.4 can be downloaded from
A patch for KDE 3.0.3 is available from
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
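
The failure described in the advisory is a request resolving to a file outside the configured shared directory. The following is an added example, not kpf's code and not the patch the advisory refers to (which removed the feature): a containment check in Python for a file-sharing HTTP server. The function name `resolve_shared_path` and the directory tree built in `demo()` are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_shared_path(shared_root, request_target):
    """Map an HTTP request target to a file inside shared_root, or return None."""
    # Only the path part selects a file; drop any query string.
    raw_path = request_target.split("?", 1)[0]
    # Decode percent-escapes first, so "%2e%2e" is seen as ".." by the check.
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        return None
    root = os.path.realpath(shared_root)
    # Treat the request as relative to the root, then resolve ".." and symlinks.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Containment is decided on the resolved path, never on the request string.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and evaluate sample request targets."""
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")
        os.mkdir(shared)
        with open(os.path.join(shared, "readme.txt"), "w") as f:
            f.write("public\n")
        # A file readable by the server's user but outside the shared directory.
        with open(os.path.join(base, "secret.txt"), "w") as f:
            f.write("private\n")
        # A symlink inside the share that points outside it.
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(shared, "link"))
        targets = ["/readme.txt", "/../secret.txt", "/%2e%2e/secret.txt",
                   "/link", "/readme.txt?x=../../secret.txt"]
        return {t: resolve_shared_path(shared, t) is not None for t in targets}


if __name__ == "__main__":
    for target, allowed in demo().items():
        print("serve " if allowed else "reject", target)
```

File permissions alone do not help here: every rejected target points at a file the server's user can read, which is the condition the advisory names.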