|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Florian Weimer (Weimer_at_CERT.Uni-Stuttgart.DE)
Date: Mon Dec 23 2002 - 12:40:37 CST
fozzy
dmpfrance.com writes:
> A bit like most MS Internet Explorer bugs BTW... ;-)
It's exactly the same.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-015.asp
> After I found out some of these problems, the KDE Security Team has done a
> good job in finding and fixing all the potentially vulnerable instances of
> code. This is a major fix, so consider upgrading soon !
However, another set of problems related to the command line
processing remains: At laest in
kdelibs/kdeprint/management/smbview.cpp, a user-supplied password is
passed on the command line to a subprocess. The command line is a
resource readable by all local users, and so is the environment (which
the KDE developers used after they were told about the problem).
Of course, this problem isn't relevant in most situations (it's only a
problem in rough multi-user environments). The other command line
processing bugs are much more severe.
-- Florian Weimer Weimer
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]