KDE 4.x Multiple Highly Critical Vulnerabilities

Forums » Up and Running » Security » Security » KDE 4.x Multiple Highly Critical Vulnerabilities


Uniqs: 386	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

Security Software Updates - 03 Jul 2009 »
« McAfee Virus update leaves PCs unbootable

Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub

KDE 4.x Multiple Highly Critical Vulnerabilities

Multiple highly critical vulnerabilities have been reported in KDE 4.x, which can be exploited by malicious people to compromise a user's system.

Impact: DoS, System access from remote.

CVE references: CVE-2009-0945, CVE-2009-1690

Solution Status: Vendor Workarounds >>

>> »websvn.kde.org/?view=rev&revision=983302, »websvn.kde.org/?view=rev&revision=983316

»secunia.com/advisories/35627/
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals

permalink · 2009-07-02 13:13:27 · Print ·

SUMware Premium join:2002-05-21 4 edits	Re: KDE 4.x Multiple Highly Critical Vulnerabilities Linux distributions provide repository fixes and security updates for users. More information: »www.f-secure.com/vulnerabilities···00902981 PS - Don't run as root, then it's not an issue.
	permalink · 2009-07-02 13:32:12 ·

Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub

Re: KDE 4.x Multiple Highly Critical Vulnerabilities

said by SUMware

:

Linux distributions provide repository fixes and security updates for users.

More information:
»www.f-secure.com/vulnerabilities···00902981

According to F-Secure, this regard KDE 3.x
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals

permalink · 2009-07-02 13:41:11 · Print ·

SUMware Premium join:2002-05-21	Re: KDE 4.x Multiple Highly Critical Vulnerabilities said by Smokey Bear : said by SUMware : Linux distributions provide repository fixes and security updates for users. More information: »www.f-secure.com/vulnerabilities···00902981 According to F-Secure, this regard KDE 3.x Yes. That's what they say.
	permalink · 2009-07-02 13:42:45 · Print ·

Smokey Bear veritas odium parit Premium join:2008-03-15 Annie's Pub	Re: KDE 4.x Multiple Highly Critical Vulnerabilities I posted about KDE 4.x vulnerabilities...
	permalink · 2009-07-02 13:46:23 ·

SUMware Premium join:2002-05-21	Re: KDE 4.x Multiple Highly Critical Vulnerabilities And I posted additional information for members. I'd be happy to delete my post if you'd like, and its information, if you think that it will be of benefit to readers to do so.
	permalink · 2009-07-02 13:49:18 ·

Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub

Re: KDE 4.x Multiple Highly Critical Vulnerabilities

said by SUMware

:

And I posted additional information for members.

I'd be happy to delete my post if you'd like, and its information, if you think that it will be of benefit to readers to do so.

No need, your info regard also KDE vulnerabilities, but there was the need to clarify that your reply affect KDE 3.x users.

--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals

permalink · 2009-07-02 13:52:36 · Print ·

SUMware Premium join:2002-05-21	Re: KDE 4.x Multiple Highly Critical Vulnerabilities OK. Understand. Well, I guess that we've now accomplished that. LOL.
	permalink · 2009-07-02 13:57:39 ·

KodiacZiller

join:2008-09-04
73368

1 edit

Re: KDE 4.x Multiple Highly Critical Vulnerabilities

This appears to only be an issue if one is using a KHTML browser (a la Konqueror) which hardly anyone does, almost all Linux users use Firefox. And, as Sumware said, not running as root would stop this from compromising the entire system (and almost no one runs as root, especially on the *buntu's). Kubuntu has already pushed the fix for this. I was prompted to update earlier today.

This is one of the reasons I always create MAC profiles for my browser -- it's easy to do and makes bugs like this near impossible to execute. (Actually AppArmor is easy to do, SELinux not so much)

And where is Matunga?

permalink · 2009-07-02 17:38:53 · Print ·

SUMware Premium join:2002-05-21	Re: KDE 4.x Multiple Highly Critical Vulnerabilities Agreed. It's pretty much a non-issue.
	permalink · 2009-07-02 17:46:51 ·

jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:	In fact, the proactives stack/heap protection capabilities of most distributions (OpenSUSE, Fedora/RHEL, Ubuntu) will stop this class of vulnerabilities. -- Ubuntu MOTU Developer and Forums Council
	permalink · 2009-07-03 22:28:36 ·

your comment..

Forums » Up and Running » Security » Security	Security Software Updates - 03 Jul 2009 » « McAfee Virus update leaves PCs unbootable


Saturday, 28-Nov 09:28:29	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF