lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200410221200.28257.mueller@kde.org>
Date: Fri, 22 Oct 2004 12:00:28 +0200
From: Dirk Mueller <mueller@....org>
To: kde-announce@....org
Cc: bugtraq@...urityfocus.com
Subject: [KDE security advisory] Multiple integer overflows in
	kpdf


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


KDE Security Advisory: kpdf integer overflows
Original Release Date: 2004-10-21
URL: http://www.kde.org/info/security/advisory-20041021-1.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889
        CESA-2004-002 - rev 1
        CESA-2004-007 - rev 1


1. Systems affected:

        All KDE 3.2.x releases, KDE 3.3.0 and KDE 3.3.1.


2. Overview:

        Chris Evans notified the KDE security team about multiple
        integer overflow and integer arithmetic flaws in xpdf 3.0.

        These flaws, if exploited, can cause xpdf (and therefore kpdf)
        to hang using 100% CPU, crash the viewer or corrupt the
        program heap. It might be possible to execute arbitrary code.
        The Common Vulnerabilities and Exposures project assigned
        CAN-2004-0889 to this issue.

        kpdf, the KDE pdf viewer, shares code with xpdf 2.02. This
        code is significantly different from the xpdf 3.0 codebase,
        but is also affected by similiar issues. Sebastian Krahmer
        from the SUSE security team developed a patch that corrects
        integer overflows in the XRef code. This patch is made
        available below for kpdf as shipped in the KDE 3.2.x
        releases. The Common Vulnerabilities and Exposures project
        assigned CAN-2004-0888 to this issue.

        KDE 3.3.1 contains a kpdf based on xpdf 3.0. We're providing
        a patch to fix the remaining integer overflows in this code
        base.


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.2.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        4f854adb507f4d04e997702e44ffc2ea  post-3.2.3-kdegraphics.diff

        Patch for KDE 3.3.1 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        651fba579516ea947fbefee373f40a6c  post-3.3.1-kdegraphics.diff


6. Time line and credits:

        01/09/2004 KDE Security Team alerted by Chris Evans
        08/09/2004 Chris Evans finds similiar issues in the xpdf 2.02 
                   codebase which is used by all released kpdf versions.
        24/09/2004 Patch to fix the found issues in xpdf 2.02 developed
                   by Sebastian Krahmer of SUSE security.
        12/10/2004 KDE 3.3.1 release upgrading kpdf to xpdf 3.0 codebase
        21/10/2004 Public disclosure


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBeNjuvsXr+iuy1UoRAgXEAKCyqD9e6Il8jViYG8//uFHb/JU/fwCgh7LA
dz8kOMiHCZ0acisGJwLJSwc=
=zbH6
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ