KDE Security Advisory: KDE ioslave PASV port scanning vulnerability
Original Release Date: 2007-03-26
1. Systems affected:
KDE up to including KDE version 3.5.6.
The KDE FTP ioslave parses the host address in the PASV response
of a FTP server response. mark from bindshell.net pointed
port scanning. It was not possible to demonstrate the
However, other scenarios are possible.
could cause Konqueror or other web browsers based on KHTML
to perform port scanning.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
Patch for KDE 3.5.x and newer is available from
Patch for KDE 3.4.x and newer is available from