KDE Kommander Arbitrary Code Execution Vulnerability

Eckhart Wörner has reported a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a design error in Kommander: it executes data files containing scripts without asking the user for confirmation.

Successful exploitation allows execution of arbitrary code on a user's system via a malicious Kommander file.

The vulnerability affects Quanta 3.1.x and KDE versions 3.2 through 3.4.0.

Apply patches.

Patch for KDE 3.4.0:

Patch for KDE 3.3.2:

Original Advisory:
