Language Selection

English French German Italian Portuguese Spanish

KDE Kommander Arbitrary Code Execution Vulnerability

Filed under
KDE
Security

Eckhart Wörner has reported a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a design error in Kommander, as it executes data files containing scripts without user confirmation.

Successful exploitation allows execution of arbitrary code on a user's system via a malicious kommander file.

The vulnerability affects Quanta 3.1.x and KDE versions 3.2 through 3.4.0.

Solution:
Apply patches.

Patch for KDE 3.4.0:
ftp://ftp.kde.org/pub/kde/securi...t-3.4.0-kdewebdev-kommander.diff
c388b21d91c8326fc9757cd8786713db

Patch for KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/securi...t-3.3.2-kdewebdev-kommander.diff
d210c07121c1ba3a97660a6e166738e6

Original Advisory:
KDE:
http://www.kde.org/info/security/advisory-20050420-1.txt

Source & live links.

More in Tux Machines

Distro Development: Rescatux and Bodhi

  • Rescatux 0.40 beta 9 released
    Many code in the grub side and in the windows registry side has been rewritten so that these new features could be rewritten. As a consequence it will be easier to maintain Rescapp. Finally the chntpw based options which modify the Windows registry now perform a backup of the Windows registry files in the unlikely case you want to undo some of the changes that Rescapp performs. I guess that in the future there will be a feature to be able to restore such backups from Rescapp itself, but, let’s focus on releasing an stable release. It’s been a while since the last one. UEFI feedback is still welcome. Specially if the Debian installation disks work for you but not the Rescatux ones.
  • Bodhi 4.0.0 Updates and July Donation Totals
    Late last month I posted a first alpha look at Bodhi 4.0.0. Work since then has been coming along slowly due to a few unpredictable issues and my own work schedule outside of Bodhi being hectic over the summer. Bodhi 4.0.0 will be happening, but likely not with a stable release until September. I am traveling again this weekend, but am hoping to get out a full alpha release with 32bit and non-PAE discs next week.

Devices and Android

Leftovers: BSD/LLVM

Emma A LightWeight Database Management Tool For Linux

Today who does not interact with databases and if you're a programmer then the database management is your daily task. For database management, there is a very popular tool called, MySQL Workbench. It's a tool that ships with tonnes of functionalities. But not all of us as beginner programmers use all Workbench features. So here we also have a very lightweight database manager in Linux, Emma. Read
more