fozzy@dmpfrance.com writes: > A bit like most MS Internet Explorer bugs BTW... ;-) It's exactly the same. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-015.asp > After I found out some of these problems, the KDE Security Team has done a > good job in finding and fixing all the potentially vulnerable instances of > code. This is a major fix, so consider upgrading soon ! However, another set of problems related to the command line processing remains: At laest in kdelibs/kdeprint/management/smbview.cpp, a user-supplied password is passed on the command line to a subprocess. The command line is a resource readable by all local users, and so is the environment (which the KDE developers used after they were told about the problem). Of course, this problem isn't relevant in most situations (it's only a problem in rough multi-user environments). The other command line processing bugs are much more severe. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
