Slashdot Mirror

← Back to Stories (view on slashdot.org)

KDE Heap Overflow Vulnerability Found

Posted by CowboyNeal on from the holes-in-the-dike dept.

sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious Javascript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."

5 of 233 comments (clear)

  1. This is why I use Windows by Anonymous Coward · · Score: 3, Funny

    Microsoft would never tie a web browser into the operating system... err, wait.

  2. Right thats it! by trash+eighty · · Score: 5, Funny

    I'm going back to Windows!!!

    1. Re:Right thats it! by Anonymous Coward · · Score: 2, Funny

      I *know*! This is just another example of how shoddy Windows is, just another buffer overflow in a long line of security travesties that is Microsoft... wait, this is KDE?

      *looks at his Kubuntu install*

      Uh... clearly this patching shows the inherent superiority of Open Source!

  3. how to apply? by Anonymous Coward · · Score: 1, Funny

    do i just make the .diff file executable and put a ./ in front when typing out the name of the file in a root shell???

  4. Queue Linux Defense Responses! by Anonymous Coward · · Score: 3, Funny

    Alright, here come the slashdot standard defense responses the moment anything is found bad about something related to Linux:

    1. Oh, but microsoft takes longer to patch
    2. But it is still more secure than windows!
    3. Ya, old news, it's already patched!
    4. And, this isn't an OS problem it's the shell, windowing, daemon, whatever etc!

    And hell yes, I will post this Anonymously as I expect this to be moded as Troll within 5 minutes and I got no karma to burn! :)