[25552] in bugtraq
Re: route of #phrack is a funny man!
daemon@ATHENA.MIT.EDU (George Staikos)
Fri May 24 09:26:03 2002
From: George Staikos <staikos@kde.org>
To: gobbles@hushmail.com, bugtraq@securityfocus.com
Date: Thu, 23 May 2002 22:09:22 -0400
In-Reply-To: <200205211549.g4LFnlg99808@mailserver4.hushmail.com>
Message-Id: <200205232209.22434.staikos@kde.org>

On May 21, 2002 11:49, gobbles@hushmail.com wrote:
> Vulnerable
> **********
> KDE 1 - all platforms
> KDE 2 - all platforms
> KDE 3 - all platforms
[...]
> Problem
> *******
>
> A format string vulnerability exists in many talkd implementations.

A patch for this has been in KDE CVS since 5pm EDT 05/21/02. Thanks to
Waldo Bastian for the quick work. It is patched in the KDE_2_2_BRANCH,
KDE_3_0_BRANCH and HEAD branch. There are other problems with this code and
we recommend not using it. In particular, users of older KDE versions should
disable ktalkd entirely.

The just-released KDE 3.0.1 does not contain this fix since we were
unaware of it when we sent the source out to the packagers.