blob: 987f6fa66a746de1ec18db1f5812c2c512373127 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
#use wml::debian::translation-check translation="c64c044c914c257b90ff19ddc3ae3d9e1204b72d"
#<define-tag description>arbitrary program execution</define-tag>
<define-tag description>任意執行程式</define-tag>
<define-tag moreinfo>
#<p>The KDE team has <a href="http://www.kde.org/info/security/advisory-20021111-1.txt">
#discovered</a> a vulnerability in the support for various
#network protocols via the KIO. The implementation of the rlogin and telnet
#protocols allows a carefully crafted URL in an HTML page, HTML email or
#other KIO-enabled application to execute arbitrary commands on the
#system using the victim's account on the vulnerable machine.</p>
<p>KDE 團隊<a href="http://www.kde.org/info/security/advisory-20021111-1.txt">發現</a>了在 KIO 支援多個網路通訊協定時的弱點。若是在 HTML 網頁、HTML 電子郵件或其他 KIO 的應用軟體中置入一個特殊的 URL,能透過 rlogin 與 telnet 協定來利用受攻擊機器上的帳號,任意執行系統上的指令。</p>
#<p>This problem has been fixed by disabling rlogin and telnet in version
#2.2.2-13.woody.5 for the current stable distribution (woody). The old
#stable distribution (potato) is not affected since it doesn't contain
#KDE. A correction for the package in the unstable distribution (sid)
#is not yet available.</p>
<p>這個問題只要關掉 2.2.2-13.woody.5 版本中的 rlogin 與 telnet 即可。舊的穩定版 (potato) 並不受到影響,因為它不含 KDE。在開發中版本 (sid) 中的套件尚未修正。</p>
#<p>We recommend that you upgrade your kdelibs3 package immediately.</p>
<p>我們建議您立刻更換您的 kdelibs3 套件。</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2002/dsa-204.data"
# $Id$
|
