|
|
BugTraq
KDE Security Advisory: Multiple vulnerabilities in KDE Dec 21 2002 12:13PM Dirk Mueller (mueller kde org) (1 replies) Re: KDE Security Advisory: Multiple vulnerabilities in KDE Dec 22 2002 11:07PM fozzy dmpfrance com (1 replies) |
|
Privacy Statement |
> A bit like most MS Internet Explorer bugs BTW... ;-)
It's exactly the same.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS01-015.asp
> After I found out some of these problems, the KDE Security Team has done a
> good job in finding and fixing all the potentially vulnerable instances of
> code. This is a major fix, so consider upgrading soon !
However, another set of problems related to the command line
processing remains: At laest in
kdelibs/kdeprint/management/smbview.cpp, a user-supplied password is
passed on the command line to a subprocess. The command line is a
resource readable by all local users, and so is the environment (which
the KDE developers used after they were told about the problem).
Of course, this problem isn't relevant in most situations (it's only a
problem in rough multi-user environments). The other command line
processing bugs are much more severe.
--
Florian Weimer Weimer (at) CERT.Uni-Stuttgart (dot) DE [email concealed]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
[ reply ]