
Bug#285126: CAN-2004-1171: plain text password exposure



Package: kdelibs, kdebase
Version: 3.3.2
Tags: security, patch
Severity: serious

CAN-2004-1171 is about a security hole in KDE that allows for possible
password leakage:

  KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1)
  manually entered by the user or (2) created by the SMB protocol handler, stores
  those credentials in plaintext in the user's .desktop file, which may be
  created with world-readable permissions, which could allow local users to
  obtain usernames and passwords for remote resources such as SMB shares.

Note that this will need to be fixed in both the version in unstable
and the older version in testing via t-p-u. This page has details of the
hole and links to patches for all recent versions of KDE:

http://marc.theaimsgroup.com/?l=bugtraq&m=110261063201488&w=2

-- 
see shy jo
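
An audit for the exposure described in this report, as an added example that is not part of the original message or of the KDE patches: it walks a directory tree and reports .desktop files that hold a URL with an embedded password and are readable by group or other. The `URL=` key layout and the sample tree (host, user, password) are constructed assumptions.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

def url_has_password(url):
    """True when the URL carries a password in its userinfo part."""
    try:
        return urlsplit(url).password is not None
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False

def audit_desktop_files(root):
    """Return [(path, mode)] for exposed .desktop files under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if not name.endswith(".desktop") or not os.path.isfile(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if not mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # only the owner can read it
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    key, sep, value = line.partition("=")
                    # Assumption: the link target sits in a URL= (or URL[...]=) key.
                    if sep and key.strip().startswith("URL") and url_has_password(value.strip()):
                        findings.append((path, mode))
                        break
    return findings

def build_sample():
    """Constructed sample tree: (file name, URL value, mode)."""
    root = tempfile.mkdtemp()
    for name, url, mode in [
        ("share.desktop", "smb://alice:s3cret@fileserver.example/docs", 0o644),
        ("private.desktop", "smb://alice:s3cret@fileserver.example/docs", 0o600),
        ("public.desktop", "http://www.example.org/", 0o644),
    ]:
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("[Desktop Entry]\nType=Link\nURL=%s\n" % url)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for path, mode in audit_desktop_files(build_sample()):
        print("%s mode %o" % (path, mode))
```

Only `share.desktop` is reported from the sample tree. Setting a reported file to mode 0600 removes the local exposure, but the password remains in plaintext in the file until the link is recreated with a patched KDE.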
