Re: KDE Security Advisory: Multiple vulnerabilities in KDE

From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)
Date: 12/23/02

  • Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops" 
    To: fozzy@dmpfrance.com
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Mon, 23 Dec 2002 19:40:37 +0100

    fozzy@dmpfrance.com writes:

    > A bit like most MS Internet Explorer bugs BTW... ;-)

    It's exactly the same.

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-015.asp

    > After I found out some of these problems, the KDE Security Team has done a
    > good job in finding and fixing all the potentially vulnerable instances of
    > code. This is a major fix, so consider upgrading soon !

    However, another set of problems related to the command line
    processing remains: At laest in
    kdelibs/kdeprint/management/smbview.cpp, a user-supplied password is
    passed on the command line to a subprocess. The command line is a
    resource readable by all local users, and so is the environment (which
    the KDE developers used after they were told about the problem).

    Of course, this problem isn't relevant in most situations (it's only a
    problem in rough multi-user environments). The other command line
    processing bugs are much more severe. 

    -- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898