LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kde: arbitrary code execution

Package(s):kde CVE #(s):CAN-2003-0204
Created:April 10, 2003 Updated:June 30, 2003
Description: The KDE Security team has issued an advisory on a vulnerability present in all versions of KDE that allow a remote attacker to execute arbitrary commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released to address this problem. For KDE 2.2.2 patches to the KDE 2.2.2 sources have been made available.

KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing or when the victim browses a directory containing such malicious file and has file previews enabled.

An attacker can provide malicious files remotely to a victim in an e-mail, as part of a webpage, via an ftp server and possible other means.

Alerts:
Conectiva CLA-2003:668 2003-06-30
Red Hat RHSA-2003:002-01 2003-05-12
Debian DSA-296-1 2003-04-30
Mandrake MDKSA-2003:049-1 2003-04-24
SuSE SuSE-SA:2003:0026 2003-04-24
Debian DSA-293-1 2003-04-23
Slackware sl-1050682024 2003-04-18
Mandrake MDKSA-2003:049 2003-04-17
Sorcerer SORCERER2003-04-12 2003-04-12
Debian DSA-284-1 2003-04-12
Gentoo 200304-05 2003-04-11
Gentoo 200304-04 2003-04-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds