Re: GIF for KDE
Yes. I saw the posting to the kde list by Alan Cox, I believe it was. I
wonder if you, or another Debianite, could tell me just how easy it would
be to attach to a tcp port and send/recv commands to take advantage of
that security hole? I know a programmer would have no trouble exploiting
this. What about the common Joe?
And don't flame me. I think it should be fixed as well, of course. I just
want to get an idea of how threatening it is. If anybody can do it by
telnetting to the tcp port that's a major problem. If it takes a special
program to take advantage of it, then that's not something I would expect
to see happen to me before the fix is done.
I didn't get the whole dialog that Alan and he were having but I assume
the guy will make haste in fixing the problem after being shot down like
that. Evidently he didn't know Alan was a kernel developer.
Anyway, thanks for the info. I got it from incoming at master.
On 6 May 1997, Steve Dunham wrote:
> Rick Jones <rickya@siservices.net> writes:
>
> > What package is libgif2 in? It's needed to install the kde packages.
>
> You know there is a huge security hole in kfm....(which the author
> apparently doesn't care to fix...) It uses a tcp socket to send
> commands (like delete file) to its slave processes...So essentially
> (if you're on the net) anyone in the world can delete files on your
> machine...
>
> "libgif2" is the name of the package. Look for it in
> hamm/hamm/binary-i386/devel
> (I don't know if it's been installed yet.)
>
>
> Steve
> dunham@cps.msu.edu
>
--Rick
rickya@siservices.net