exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

KDE Security Advisory 2005-04-20.1

KDE Security Advisory 2005-04-20.1
Posted Jun 1, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2005-0754
SHA-256 | 15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5

KDE Security Advisory 2005-04-20.1

Change Mirror Download
KDE Security Advisory: Kommander untrusted code execution
Original Release Date: 2005-04-20
URL: http://www.kde.org/info/security/advisory-20050420-1.txt

0. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754

1. Systems affected:

Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0.


2. Overview:

Kommander is a visual editor and interpreter to edit and
interpret visual dialogs and execute scripts attached to
dialog actions.

Kommander executes without user confirmation data files
from possibly untrusted locations. As they contain
scripts, the user might accidentally run arbitrary code.


3. Impact:

Remotly supplied kommander files from untrusted sources
are executed without confirmation.


4. Solution:

Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.


5. Patch:

A patch for KDE 3.4.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

c388b21d91c8326fc9757cd8786713db post-3.4.0-kdewebdev-kommander.diff

A patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

d210c07121c1ba3a97660a6e166738e6 post-3.3.2-kdewebdev-kommander.diff


6. Time line and credits:

13/03/2005 Notification of KDE security by Eckhart Wörner
20/04/2005 Public Disclosure


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close