FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdewebdev -- kommander untrusted code execution vulnerability

Affected packages
3.2,2 < kdewebdev < 3.4.0_1,2

Details

VuXML ID 91f1adc7-b3e9-11d9-a788-0001020eed82
Discovery 2005-04-20
Entry 2005-04-23
Modified 2008-08-04

A KDE Security Advisory reports:

Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.

Impact: Remotly supplied kommander files from untrusted sources are executed without confirmation.

References

CVE Name CVE-2005-0754
URL http://www.kde.org/info/security/advisory-20050420-1.txt