KDE 4.x Multiple Highly Critical Vulnerabilities in Security

KDE 4.x Multiple Highly Critical Vulnerabilities in Security http://www.dslreports.com/forum/r22645083 en Sun, 29 Nov 2009 00:53:23 EDT Sun, 29 Nov 2009 00:53:23 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22652080 jdong : In fact, the proactives stack/heap protection capabilities of most distributions (OpenSUSE, Fedora/RHEL, Ubuntu) will stop this class of vulnerabilities.
--
Ubuntu MOTU Developer and Forums Council]]> http://www.dslreports.com/forum/remark,22652080 Fri, 03 Jul 2009 22:28:36 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22646476 SUMware : Agreed. It's pretty much a non-issue.]]> http://www.dslreports.com/forum/remark,22646476 Thu, 02 Jul 2009 17:46:51 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22646437 KodiacZiller : This appears to only be an issue if one is using a KHTML browser (a la Konqueror) which hardly anyone does, almost all Linux users use Firefox. And, as Sumware said, not running as root would stop this from compromising the entire system (and almost no one runs as root, especially on the *buntu's). Kubuntu has already pushed the fix for this. I was prompted to update earlier today.

This is one of the reasons I always create MAC profiles for my browser -- it's easy to do and makes bugs like this near impossible to execute. (Actually AppArmor is easy to do, SELinux not so much) ;)

And where is Matunga? :)]]> http://www.dslreports.com/forum/remark,22646437 Thu, 02 Jul 2009 17:38:53 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645328 SUMware : OK. Understand. Well, I guess that we've now accomplished that. LOL. :)]]> http://www.dslreports.com/forum/remark,22645328 Thu, 02 Jul 2009 13:57:39 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645301 Smokey Bear :

said by SUMware

:

And I posted additional information for members.

I'd be happy to delete my post if you'd like, and its information, if you think that it will be of benefit to readers to do so.

No need, your info regard also KDE vulnerabilities, but there was the need to clarify that your reply affect KDE 3.x users. :)
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals]]> http://www.dslreports.com/forum/remark,22645301 Thu, 02 Jul 2009 13:52:36 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645281 SUMware : And I posted additional information for members.

I'd be happy to delete my post if you'd like, and its information, if you think that it will be of benefit to readers to do so.]]> http://www.dslreports.com/forum/remark,22645281 Thu, 02 Jul 2009 13:49:18 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645260 Smokey Bear : I posted about KDE 4.x vulnerabilities...]]> http://www.dslreports.com/forum/remark,22645260 Thu, 02 Jul 2009 13:46:23 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645239 SUMware :

said by Smokey Bear

said by SUMware

:

Linux distributions provide repository fixes and security updates for users.

More information:
»www.f-secure.com/vulnerabilities···00902981

According to F-Secure, this regard KDE 3.x

Yes. That's what they say.]]> http://www.dslreports.com/forum/remark,22645239 Thu, 02 Jul 2009 13:42:45 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645234 Smokey Bear :

said by SUMware

:

Linux distributions provide repository fixes and security updates for users.

More information:
»www.f-secure.com/vulnerabilities···00902981

According to F-Secure, this regard KDE 3.x
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals]]> http://www.dslreports.com/forum/remark,22645234 Thu, 02 Jul 2009 13:41:11 EDT Re: KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645187 SUMware : Linux distributions provide repository fixes and security updates for users.

More information:
»www.f-secure.com/vulnerabilities···00902981

PS - Don't run as root, then it's not an issue. ;)]]> http://www.dslreports.com/forum/remark,22645187 Thu, 02 Jul 2009 13:32:12 EDT KDE 4.x Multiple Highly Critical Vulnerabilities http://www.dslreports.com/forum/remark,22645083 Smokey Bear :

Multiple highly critical vulnerabilities have been reported in KDE 4.x, which can be exploited by malicious people to compromise a user's system.

Impact: DoS, System access from remote.

CVE references: CVE-2009-0945, CVE-2009-1690

Solution Status: Vendor Workarounds >>

>> »websvn.kde.org/?view=rev&revision=983302, »websvn.kde.org/?view=rev&revision=983316

»secunia.com/advisories/35627/
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals]]> http://www.dslreports.com/forum/remark,22645083 Thu, 02 Jul 2009 13:13:27 EDT