CVE-2008-1671

Publication date 28 April 2008

Last updated 24 July 2024

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdelibs	8.04 LTS hardy	Fixed 4:3.5.9-0ubuntu7.1
	7.10 gutsy	Fixed 4:3.5.8-0ubuntu3.4
	7.04 feisty	Fixed 4:3.5.6-0ubuntu14.3
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-608-1
KDE vulnerability
6 May 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1671