Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerabilities in KDE 2.1-3.0.4, 3.1 RC3

Posted by timothy on from the full-disclosure dept.

Paladin128 writes "The KDE Project today issued two security advisories which affect KDE versions 2.1 through KDE 3.0.4 (and also through KDE 3.1 RC3). The first advisory concerns the rlogin:// service and, for affected KDE 2.x systems, the telnet:// service. The second advisory concerns the LISa and resLISa network browsing applications. Binary packages for KDE 3.0.5 should be available by early next week (check the KDE 3.0.5 Info Page); in the interim it is recommended to disable the affected services or upgrade from the source code or patches. Read more here."

8 comments

  1. Unsecured telnet service? by reaper20 · · Score: 5, Funny

    Man, I hope KDE fixes this, we can't have people sniffing out my packets as I telnet over the public internet. Whew!

    1. Re:Unsecured telnet service? by MrResistor · · Score: 2

      A security advisement regarding telnet and rlogin does seem kind of redundant, doesn't it?

      --
      Under capitalism man exploits man. Under communism it's the other way around.
    2. Re:Unsecured telnet service? by Anonymous Coward · · Score: 0

      Hell yes!

      Next thing you know M$ will anounce IE is insecure!

  2. Holy shit! Insecure KDE! by Anonymous Coward · · Score: 0

    I can't understand why anyone would use KDE when GNOME exists.

    The KDE project is entirely focused on duplicating Windows. I mean, they even have their own crappy integrated browser (whereas the gnome folks know that gtkhtml sucks so pretend it doesn't exist)!

    Now, their users are starting to realize that aspects of KDE other than Konqueror are every bit as buggy as their Windows counterparts as well. In short, KDE == bugs.

    Use GNOME, people, and your computer shall remain secure.

    1. Re:Holy shit! Insecure KDE! by betelgeuse68 · · Score: 1

      I can't understand why YOU would use GNOME when KDE exists. ;-)

      The point of KDE is to provide easy access to LINUX. Not everyone in this world is interested in being a sys admin demigod in order to be able to work against their computer.

      Yes, that's a bit of an extreme view, but there are many, MANY people who have difficulty even with Macintoshes and Windows boxes.

      KDE is simply trying to make computing more accessible. There is nothing wrong with that.

      At this point I think all *NIX desktops suck for the most part. I heavily use LINUX at the backend but for now I prefer to have a Windows XP head. I use SSH and an X server to make the entire debate irrelevant, e.g., I'm running Mozilla as I type this message yet it is displayed on my Windows XP desktop.

      Depending on my mode I might fire up Cygwin's X server (with WindowMaker) or use Hummingbir's Exceed.

      Ultimately it all depends what your intentions are. If you do what you need to get done, who cares about what desktop someone uses.

  3. Oh no, that means.. by Anonymous Coward · · Score: 0
    Nothing to me. Hey, I don't use KDE! Of course
    GNOME Sux too. Personally I have no idea why anybody
    would use either of them. If someone wanted to use
    Linux (or BSD in my case), you do it because you want
    an operating system that is stable and efficient. When you put
    either KDE or GNOME over the OS, you just lose those
    two advantages. The only difference between that and XP
    is MS has better games and more programs and Linux/BSD with
    the desktop manager is open source.


    Blah!

  4. Why? Because you say so? by Anonymous Coward · · Score: 0

    Well I say that Gnome is buggier than KDE. At least that's the way it's been on my machines.

    Gnome sucks ass is why people use KDE over it. Duh! And if there truly are no security problems (There are certainly known stability problems) it's only because they haven't been found yet.