Re: KDE Security Advisory: Multiple vulnerabilities in KDE

From: fozzyat_private
Date: Sun Dec 22 2002 - 15:07:44 PST

Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops"

Previous message: Joe Testa: "[Full-Disclosure] Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>         The KDE Project is not aware of any existing exploits of these 
>         vulnerabilities

I'd like to stress out that, due to the nature of these vulnerabilities,
exploitation can be very easy and "basic". Security-enhanced kernels
(preventing buffer overflows and format string attacks) will not help. A
bit like most MS Internet Explorer bugs BTW... ;-)
After I found out some of these problems, the KDE Security Team has done a
good job in finding and fixing all the potentially vulnerable instances of
code. This is a major fix, so consider upgrading soon !

Fozzy

The Hackademy Audit
http://www.thehackademy.net/audit.php (french)

Next message: iDEFENSE Labs: "iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops"
Previous message: Joe Testa: "[Full-Disclosure] Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 01:17:58 PST