Open source bundle has "critical" hole

Konqueror and more affected, says FrSIRT

By Joris Evers, 23 January 2006 09:08

NEWS

A serious vulnerability has been found in the popular KDE open source software bundle.

The flaw, deemed "critical" by the research outfit the French Security Incident Response Team (FrSIRT), could allow a remote attacker to gain control over vulnerable systems.

KDE is a desktop software package for Linux and Unix systems and includes the Konqueror web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted on Thursday.

An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's web page using Konqueror, the FrSIRT said in its alert. KDE 3.2.0 up to and including KDE 3.5.0 are affected. Fixes are available.

Joris Evers writes for CNET News.com

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ