Re: route of #phrack is a funny man!

From: George Staikos (staikosat_private)
Date: Thu May 23 2002 - 19:09:22 PDT

Next message: secureat_private: "[CLA-2002:487] Conectiva Linux Security Announcement - imap"

Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.20] OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and denial-of-service"
In reply to: gobblesat_private: "route of #phrack is a funny man!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 21, 2002 11:49, gobblesat_private wrote:

> Vulnerable
> **********
>   KDE 1	- all platforms
>   KDE 2	- all platforms
>   KDE 3	- all platforms

[...]

> Problem
> *******
>
> A formatstring vulnerability exist in many talkd implementations.

   A patch for this has been in KDE CVS since 5pm EDT 05/21/02.  Thanks to 
Waldo Bastian for the quick work.  It is patched in the KDE_2_2_BRANCH, 
KDE_3_0_BRANCH and HEAD branch.  There are other problems with this code and 
we recommend not using it.  In particular, users of older KDE versions should 
disable ktalkd entirely.

    The just-released KDE 3.0.1 does not contain this fix since we were 
unaware of it when we sent the source out to the packagers.

Next message: secureat_private: "[CLA-2002:487] Conectiva Linux Security Announcement - imap"
Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.20] OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and denial-of-service"
In reply to: gobblesat_private: "route of #phrack is a funny man!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 24 2002 - 06:20:27 PDT