  KDE fliccd (INDI support) buffer overflows

From: KDE
Date: 16.02.2005
Subject: [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi


KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt


0. References

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011


1. Systems affected:

       KDE 3.3 up to and including KDE 3.3.2.


2. Overview:

       KStars includes support for the Instrument Neutral Distributed
       Interface (INDI). The build system of this extra 3rd party
       software contained an installation hook to install fliccd (part
       of INDI) as a SUID root application.

       Erik Sjölund discovered that the code contains several
       vulnerabilities that allow stack-based buffer overflows.


3. Impact:

       If the fliccd binary is installed as suid root, it enables root
       privilege escalation for local users, or, if the daemon is
       actually running (which it does not by default) and is running
       as root, remote root privilege escalation.


4. Solution:

       Source code patches have been made available which fix these
       vulnerabilities. Contact your OS vendor / binary package provider
       for information about how to obtain updated binary packages.


5. Patch:

       A patch for 3.3.2 is available from
       ftp://ftp.kde.org/pub/kde/security_patches :

       2b9c8330bec2c0dc6669ccc40b24dd70  post-3.3.2-kdeedu-kstars.diff



6. Time line and credits:
       05/01/2005  Erik Sjölund notifies Debian Security.
       07/01/2005  Martin Schulze from the Debian Security team
                   notifies KDE security team about the vulnerabilities.
       09/01/2005  Dirk Mueller from KDE security team develops
                   a patch that addresses the discovered and similar
                   vulnerabilities. Jasem Mutlaq, the author of INDI,
                   is contacted.
       21/01/2005  Regressions are discovered with the patch and
                   subsequently fixed over the next few days.
       15/02/2005  Coordinated public disclosure.
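
Section 3 makes the local impact conditional on fliccd being installed setuid root, so that is the first thing to check on a host. The shell functions below are an added example, not part of the KDE advisory; the function names and the directories passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether any installed
# fliccd binary meets the "suid root" condition described in section 3.

# classify_fliccd FILE prints exactly one of:
#   suid-root   setuid bit set and owned by uid 0
#   suid-other  setuid bit set, owned by a non-root user
#   no-suid     setuid bit not set
#   missing     FILE is not a regular file
classify_fliccd() {
    f=$1
    if [ ! -f "$f" ]; then echo missing; return 0; fi
    if [ ! -u "$f" ]; then echo no-suid; return 0; fi
    # Numeric owner is the third field of `ls -ln`; this avoids the
    # differing option syntax of GNU and BSD stat.
    owner=$(ls -ln -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo suid-root; else echo suid-other; fi
}

# audit_fliccd DIR... prints one "STATUS PATH" line for every regular
# file named fliccd found below the given directories.
audit_fliccd() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -type f -name fliccd 2>/dev/null |
        while IFS= read -r f; do
            printf '%s %s\n' "$(classify_fliccd "$f")" "$f"
        done
    done
}

# Directories to search are supplied by the caller (for example the KDE
# install prefix on this host); nothing is scanned when none are given.
if [ "$#" -gt 0 ]; then
    audit_fliccd "$@"
fi
```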

