lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200502160234.04250.mueller@kde.org>
Date: Wed, 16 Feb 2005 02:34:03 +0100
From: Dirk Mueller <mueller@....org>
To: bugtraq@...urityfocus.com
Subject: [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt


0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011


1. Systems affected:

        KDE 3.3 up to including KDE 3.3.2.


2. Overview:

        KStars includes support for the Instrument Neutral Distributed
        Interface (INDI). The build system of this extra 3rd party
        software contained an installation hook to install fliccd (part
        of INDI) as SUID root application. 

        Erik Sjölund discovered that the code contains several
        vulnerabilities that allow stack based buffer overflows.


3. Impact:

        If the fliccd binary is installed as suid root, it enables root
        privilege escalation for local users, or, if the daemon is
        actually running (which it does not by default) and is running
        as root, remote root privilege escalation.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        A patch for 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        2b9c8330bec2c0dc6669ccc40b24dd70  post-3.3.2-kdeedu-kstars.diff



6. Time line and credits:
        05/01/2005  Erik Sjölund notifies Debian Security.
        07/01/2005  Martin Schulze from the Debian Security team 
                    notifies KDE security team about the vulnerabilities.
        09/01/2005  Dirk Mueller from KDE security team develops
                    a patch that addresses the discovered and similiar
                    vulnerabilities. Contacting Jasem Mutlaq, the
                    author of INDI.
        21/01/2005  Regressions are discovered with the patch and
                    subsequently fixed over the next few days.
        15/02/2005  Coordinated public disclosure.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCEpTIvsXr+iuy1UoRAjqIAJ4gRvZO0g5nZjsfa25LQzSLMna1eQCcCJAR
ZZTMQECYLAq8/wM0wjxW3aM=
=LR+u
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ