Posted: Fri Apr 22, 2005 5:56 pm Post subject: [ GLSA 200504-23 ] Kommander: Insecure remote script executi
Gentoo Linux Security Advisory
Title: Kommander: Insecure remote script execution (GLSA 200504-23)
Severity: normal
Exploitable: remote
Date: April 22, 2005
Updated: May 20, 2005
Bug(s): #89092
ID: 200504-23
Synopsis
Kommander executes remote scripts without confirmation, potentially resulting in the execution of arbitrary code.
Background
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package.
Affected Packages
Package: kde-base/kdewebdev
Vulnerable: < 3.3.2-r2
Unaffected: >= 3.3.2-r2
Architectures: All supported architectures
Description
Kommander executes data files from possibly untrusted locations without user confirmation.
Impact
An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander.
Workaround
There is no known workaround at this time.
Resolution
All kdewebdev users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"
References
CAN-2005-0754
KDE Security Advisory: Kommander untrusted code execution
Last edited by GLSA on Sun May 07, 2006 4:56 pm; edited 1 time in total