Vigil@nce - KDE Plasma: two vulnerabilities of ScreenLocker
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of ScreenLocker of KDE
Plasma.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 19/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in KDE Plasma.
An attacker can invite the victim to install a malicious Look and
Feel package, in order to capture his password and to send it via
the network with QtQuick. [severity:2/4; CVE-2015-1307]
An attacker can create an X11 client which captures the password
entered to unlock the screen. [severity:2/4; CVE-2015-1308]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/KDE-Plasma-two-vulnerabilities-of-ScreenLocker-15998