Yes. I saw the posting to the kde list by Alan Cox, I believe it was. I wonder if you, or another Debianite, could tell me just how easy it would be to attach to a tcp port and send/recv commands to take advantage of that security hole? I know a programmer would have no trouble exploiting this. What about the common Joe?
And don't flame me. I think it should be fixed as well, of course. I just want to get an idea of how threatening it is. If anybody can do it by telnetting to the tcp port that's a major problem. If it takes a special program to take advantage of it, then that's not something I would expect to see happen to me before the fix is done. I didn't get the whole dialog that Alan and he were having but I assume the guy will make haste in fixing the problem after being shot down like that. Evidently he didn't know Alan was a kernel developer.

Anyway, thanks for the info. I got it from incoming at master.

On 6 May 1997, Steve Dunham wrote:

> Rick Jones <[EMAIL PROTECTED]> writes:
>
> > What package is libgif2 in? It's needed to install the kde packages.
>
> You know there is a huge security hole in kfm....(which the author
> apparently doesn't care to fix...) It uses a tcp socket to send
> commands (like delete file) to its slave processes...So essentially
> (if you're on the net) anyone in the world can delete files on your
> machine...
>
> "libgif2" is the name of the package. Look for it in
> hamm/hamm/binary-i386/devel
> (I don't know if it's been installed yet.)
>
>
> Steve
> [EMAIL PROTECTED]

--Rick
[EMAIL PROTECTED]