Re: KDE Security Advisory: Multiple vulnerabilities in KDE

From: fozzy@dmpfrance.com
Date: 12/23/02

Next message: Dr.Tek: "'printenv' XSS vulnerability"

Previous message: Paul Szabo: "Matlab /tmp usage"
In reply to: Dirk Mueller: "KDE Security Advisory: Multiple vulnerabilities in KDE"
Next in thread: Florian Weimer: "Re: KDE Security Advisory: Multiple vulnerabilities in KDE"
Reply: Florian Weimer: "Re: KDE Security Advisory: Multiple vulnerabilities in KDE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: fozzy@dmpfrance.com
To: bugtraq@securityfocus.com
Date: Sun, 22 Dec 2002 23:07:44 GMT

> The KDE Project is not aware of any existing exploits of these
> vulnerabilities

I'd like to stress out that, due to the nature of these vulnerabilities,
exploitation can be very easy and "basic". Security-enhanced kernels
(preventing buffer overflows and format string attacks) will not help. A
bit like most MS Internet Explorer bugs BTW... ;-)
After I found out some of these problems, the KDE Security Team has done a
good job in finding and fixing all the potentially vulnerable instances of
code. This is a major fix, so consider upgrading soon !

Fozzy

The Hackademy Audit
http://www.thehackademy.net/audit.php (french)

Next message: Dr.Tek: "'printenv' XSS vulnerability"
Previous message: Paul Szabo: "Matlab /tmp usage"
In reply to: Dirk Mueller: "KDE Security Advisory: Multiple vulnerabilities in KDE"
Next in thread: Florian Weimer: "Re: KDE Security Advisory: Multiple vulnerabilities in KDE"
Reply: Florian Weimer: "Re: KDE Security Advisory: Multiple vulnerabilities in KDE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]