Kommander executes remote scripts without confirmation, potentially resulting in the execution of arbitrary code.
|Package||kde-base/kdewebdev on all architectures|
|Affected versions||< 3.3.2-r2|
|Unaffected versions||>= 3.3.2-r2|
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package.
Kommander executes data files from possibly untrusted locations without user confirmation.
An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander.
There is no known workaround at this time.
All kdewebdev users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"
April 22, 2005
May 20, 2005: 02