Bug#515106: konqueror:

To: submit@bugs.debian.org
Subject: Bug#515106: konqueror:
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Fri, 13 Feb 2009 10:53:09 -0500
Message-id: <[🔎] 20090213105309.acee6607.michael.s.gilbert@gmail.com>
Reply-to: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 515106@bugs.debian.org

Package: konqueror
Version: 4:3.5.9.dfsg.1-6
Severity: grave
Tags: security

as you have probably seen by now, there has been a lot of coverage
about the potential avenue for exploits via kde and gnome application
launchers (it looks like xfce is safe, for now) [1], [2], [3].

the core of the problem is that launchers have the ability to execute
perl, python, etc scripts without the executable bit set.  this
makes it much easier for an attacker to get the user to download and
run potentially malicious code.

fyi, you can also track the progress on this bug in the nautilus package
here [4].

regards,
mike

[1] http://www.geekzone.co.nz/foobar/6229
[2] http://www.geekzone.co.nz/foobar/6236
[3] http://lwn.net/Articles/178409/
[4] http://bugs.debian.org/515104

Reply to:

Prev by Date: Processed: your mail
Next by Date: Processed: Re: Bug#514784: base: Menu editing not working
Previous by thread: Processed: your mail
Next by thread: Processed: Re: Bug#514784: base: Menu editing not working
Index(es):
- Date
- Thread