[Konversation-devel] Re: konversation security bugs
Ismail Donmez
ismail at kde.org.tr
Thu Jan 20 12:35:09 CET 2005
On Thursday 20 January 2005 13:31, Ismail Donmez wrote:
> On Thursday 20 January 2005 12:46, Waldo Bastian wrote:
> > * Evaluate the actual impact of the listed problems, can they be used by
> > a bad guy to do harm? How?
>
> Using a special crafted channel name and making user join it one can do two
> things :
>
> - Execute one word commands like can run "kwrite","ls" etc but can't run
> "ls -al","rm -rf" etc due to the fact that channel names can't contain
> spaces
Ok I said two things and only said one. User might also be tricked into
showing his password for connection in his quit message.
Regards,
ismail
More information about the Konversation-devel
mailing list