Security Vulnerabilities in KDE 2.1-3.0.4, 3.1 RC3

Paladin128 writes "The KDE Project today issued two security advisories which affect KDE versions 2.1 through KDE 3.0.4 (and also through KDE 3.1 RC3). The first advisory concerns the rlogin:// service and, for affected KDE 2.x systems, the telnet:// service. The second advisory concerns the LISa and resLISa network browsing applications. Binary packages for KDE 3.0.5 should be available by early next week (check the KDE 3.0.5 Info Page); in the interim it is recommended to disable the affected services or upgrade from the source code or patches. Read more here."

Unsecured telnet service?

[reaper20]

Man, I hope KDE fixes this, we can't have people sniffing out my packets as I telnet over the public internet. Whew!

Re:Unsecured telnet service?

[MrResistor]

A security advisement regarding telnet and rlogin does seem kind of redundant, doesn't it?

Re:Holy shit! Insecure KDE!

[betelgeuse68]

I can't understand why YOU would use GNOME when KDE exists. ;-)

The point of KDE is to provide easy access to LINUX. Not everyone in this world is interested in being a sys admin demigod in order to be able to work against their computer.

Yes, that's a bit of an extreme view, but there are many, MANY people who have difficulty even with Macintoshes and Windows boxes.

KDE is simply trying to make computing more accessible. There is nothing wrong with that.

At this point I think all *NIX desktops suck for the most part. I heavily use LINUX at the backend but for now I prefer to have a Windows XP head. I use SSH and an X server to make the entire debate irrelevant, e.g., I'm running Mozilla as I type this message yet it is displayed on my Windows XP desktop.

Depending on my mode I might fire up Cygwin's X server (with WindowMaker) or use Hummingbir's Exceed.

Ultimately it all depends what your intentions are. If you do what you need to get done, who cares about what desktop someone uses.