KDE Heap Overflow Vulnerability Found
sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap-based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious JavaScript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."
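The class of check the summary refers to, as an added example (not kjs code and not taken from the KDE patch): a percent-escape decoder that derives the UTF-8 sequence length from the lead byte and verifies both the remaining input and the remaining output space before writing. The names `hexval`, `escape_at` and `uri_decode` and the caller-supplied output buffer are assumptions for illustration; overlong forms and surrogates are not rejected here.

```c
#include <stddef.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode "%XX" at in[i] (caller ensures i < len); -1 if truncated or malformed. */
static int escape_at(const char *in, size_t len, size_t i) {
    int hi, lo;
    if (len - i < 3 || in[i] != '%') return -1;
    hi = hexval(in[i + 1]);
    lo = hexval(in[i + 2]);
    return (hi < 0 || lo < 0) ? -1 : (hi << 4) | lo;
}

/* Illustrative decoder, not kjs code. 0 = ok, -1 = malformed, -2 = out too small. */
int uri_decode(const char *in, size_t len, unsigned char *out, size_t cap, size_t *out_len) {
    size_t i = 0, o = 0;
    while (i < len) {
        int b, n = 1, k;
        if (in[i] != '%') {                 /* literal character */
            if (o >= cap) return -2;
            out[o++] = (unsigned char)in[i++];
            continue;
        }
        b = escape_at(in, len, i);
        if (b < 0) return -1;
        if (b >= 0x80) {                    /* lead byte gives the sequence length */
            if ((b & 0xE0) == 0xC0) n = 2;
            else if ((b & 0xF0) == 0xE0) n = 3;
            else if ((b & 0xF8) == 0xF0) n = 4;
            else return -1;                 /* stray continuation or invalid lead */
        }
        /* Both bounds are checked before any byte of the sequence is written. */
        if ((len - i) / 3 < (size_t)n) return -1;   /* n escapes need 3*n chars */
        if (cap - o < (size_t)n) return -2;
        for (k = 0; k < n; k++, i += 3) {
            b = escape_at(in, len, i);
            if (b < 0 || (k > 0 && (b & 0xC0) != 0x80)) return -1;
            out[o++] = (unsigned char)b;
        }
    }
    *out_len = o;
    return 0;
}
```

A truncated sequence such as `%E2%82` or an undersized output buffer is reported as an error instead of being read or written past the end.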
I used to love KDE until I saw this. What the **** is wrong with their engineers? ****
come to think of it, there are no technical benefits in doing so
Actually, there are plenty. The problem is *nix guys who are still using their 30-year-old technology and can't grasp the concept of "moving forward". Tell you what, you *nix guys keep to yourselves, let the Windows guys who know what they're doing keep the IT departments moving forward. We're moving your shit out, and helping you prepare for your next exciting career: Walmart greeter! Yaay! Of course, you'll start complaining there about the good old days where people had to push the door open, rather than it opening for them...
Consider that situation: a user with total control over the system, who can change or overwrite anything, is using a single component for everything they do.
Now consider that they're using Linux. How does that change the model? Do you honestly think if Linux saturated the home desktop arena tomorrow we wouldn't be seeing the same issues? The problem isn't the software, it's the interface between keyboard and chair.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
1.) Windows does take longer to patch
2.) Anything is more secure than Windows
3.) Odds are the people that discovered the bug are the same ones that patched it while discovering it. So, yes, this security hole is already patched. That is more often the case than not with OSS.
4.) Yes, believe it or not, it does NOT crash the OS when Konqueror goes down. Unlike IE on Windows, the TCP/IP stack is not bound into the most inner workings of the OS. Which makes sense.
The funny thing is that we ought to be laughing about Windows when Windows holes pop up. Then on the other hand, the trouble the Windows family causes isn't funny anymore and hasn't been for years.
We suffer more in our imagination than in reality. - Seneca
All thirteen Konqueror users around the world have now been successfully patched, making this patch one of the only ones ever created that patched all users.
Real men don't write sigs