BSD talkd Remote Format String Vulnerability

Solution:
A patch for this vulnerability has been in the KDE CVS tree since 2100 GMT May 21, 2002. The patched branches are KDE_2_2_BRANCH, KDE_3_0_BRANCH and HEAD.

KDE mentions that there are other problems with this code and suggests that users not use the service. KDE recommends users of older versions of KDE disable the ktalkd service entirely. The newest release of KDE, 3.0.1, does not include the relevant patches.

A patch for affected versions is available at ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7.tar.gz

This was fixed in OpenBSD 2.8.


OpenBSD OpenBSD 2.7


 

Copyright 2010, SecurityFocus