
KDE Kommander Arbitrary Code Execution Vulnerability


Eckhart Wörner has reported a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a design error in Kommander, which executes data files containing scripts without user confirmation.

Successful exploitation allows execution of arbitrary code on a user's system via a malicious Kommander file.

The vulnerability affects Quanta 3.1.x and KDE versions 3.2 through 3.4.0.

Solution:
Apply patches.

Patch for KDE 3.4.0:
ftp://ftp.kde.org/pub/kde/securi...t-3.4.0-kdewebdev-kommander.diff
c388b21d91c8326fc9757cd8786713db

Patch for KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/securi...t-3.3.2-kdewebdev-kommander.diff
d210c07121c1ba3a97660a6e166738e6

Original Advisory:
KDE:
http://www.kde.org/info/security/advisory-20050420-1.txt
