Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 311235 - kde-base/ksysguard-4.4.1 (?): RCE via Cross Application Scripting
Summary: kde-base/ksysguard-4.4.1 (?): RCE via Cross Application Scripting
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.backtrack.it/~emgent/explo...
Whiteboard: A2? [invalid]
Keywords:
Depends on:
Blocks: 313999
  Show dependency tree
 
Reported: 2010-03-24 21:33 UTC by Stefan Behte (RETIRED)
Modified: 2010-06-05 13:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-24 21:33:21 UTC
RCE via Cross Application Scripting was found in ksysguard.

see $URL.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2010-05-30 19:20:50 UTC
So is this still applicable for 4.4.2 or 4.4.3 ?
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-06-05 13:33:16 UTC
ksysguard lets users monitor remote machines using various transports including a custom command. That's a feature, not a bug. Users should of course only open .sgrd files from trusted sources.