KDE Kommander Arbitrary Code Execution Vulnerability

Eckhart Wörner has reported a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a design error in Kommander, which executes data files containing scripts without user confirmation.

Successful exploitation allows execution of arbitrary code on a user's system via a malicious Kommander file.

The vulnerability affects Quanta 3.1.x and KDE versions 3.2 through 3.4.0.

Solution:
Apply patches.

Patch for KDE 3.4.0:
ftp://ftp.kde.org/pub/kde/securi...t-3.4.0-kdewebdev-kommander.diff
c388b21d91c8326fc9757cd8786713db

Patch for KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/securi...t-3.3.2-kdewebdev-kommander.diff
d210c07121c1ba3a97660a6e166738e6

Original Advisory:
KDE:
http://www.kde.org/info/security/advisory-20050420-1.txt
