Posted: Fri Apr 22, 2005 5:56 pm Post subject: [ GLSA 200504-23 ] Kommander: Insecure remote script executi
Gentoo Linux Security Advisory
Title: Kommander: Insecure remote script execution (GLSA 200504-23)
Date: April 22, 2005
Updated: May 20, 2005
Kommander executes remote scripts without confirmation, potentially resulting in the execution of arbitrary code.
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package.
Vulnerable: < 3.3.2-r2
Unaffected: >= 3.3.2-r2
Architectures: All supported architectures
Kommander executes data files from possibly untrusted locations without user confirmation.
An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander.
There is no known workaround at this time.
All kdewebdev users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"
KDE Security Advisory: Kommander untrusted code execution
Last edited by GLSA on Sun May 07, 2006 4:56 pm; edited 1 time in total