<?xml version="1.0" encoding="utf-8"?>
<glsa id="200504-23">
<title>Kommander: Insecure remote script execution</title>
<synopsis>
Kommander executes remote scripts without confirmation, potentially
resulting in the execution of arbitrary code.
</synopsis>
<product type="ebuild">Kommander</product>
<announced>April 22, 2005</announced>
<revised>May 20, 2005: 02</revised>
<affected>
<package name="kde-base/kdewebdev" auto="yes" arch="*">
<unaffected range="ge">3.3.2-r2</unaffected>
<vulnerable range="lt">3.3.2-r2</vulnerable>
</package>
</affected>
<background>
<p>
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. Kommander is a visual dialog editor and
interpreter for KDE applications, part of the kdewebdev package.
</p>
</background>
<description>
<p>
Kommander executes data files from possibly untrusted locations without
user confirmation.
</p>
</description>
<impact type="normal">
<p>
An attacker could exploit this to execute arbitrary code with the
permissions of the user running Kommander.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All kdewebdev users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=kde-base/kdewebdev-3.3.2-r2&quot;</code>
</resolution>
<references>
<uri link="">CAN-2005-0754</uri>
<uri link="">KDE Security Advisory: Kommander untrusted code execution</uri>
</references>
<metadata tag="submitter" timestamp="Fri, 22 Apr 2005 06:18:02 +0000">
<metadata tag="bugReady" timestamp="Fri, 22 Apr 2005 06:48:56 +0000">