Re: [VulnWatch] 5 bugs
From: Simon Hausmann (hausmann@kde.org)Date: 07/15/02
- Previous message: Mark A. Rowe (PenTest): "[VulnWatch] Tivoli TMF ManagedNode Buffer Overflow"
- Maybe in reply to: D4rkGr3y: "[VulnWatch] 5 bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Jul 2002 19:04:49 +0200 From: Simon Hausmann <hausmann@kde.org> To: Kurt Seifried <kurt@seifried.org>
On Mon, Jul 15, 2002 at 12:31:51AM -0600, Kurt Seifried wrote:
> From: "D4rkGr3y" <grey_1999@mail.ru>
> To: <bugtraq@securityfocus.com>; <vulnwatch@vulnwatch.org>
> Sent: Friday, July 12, 2002 12:35 PM
> Subject: [VulnWatch] 5 bugs
>
>
> > 5. KDE v.3.*
> > Buffer overflow in file kdeCMD.
> > Exploits:
> > ./kdeCMD -f [129b] - system crash
> > ./kdeCMD -f [128b] + [shellcode] - local root
> > Bug exists in all versions, that have file "kdeCMD" (not all versions
> > have this file).
>
> Where does this kdeCMD come from? No mention on google. No mention on
> kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper
> or
> lower), grepping all the source code for kdecmd (using case insensitive)
> returns
> nothing. I can only conclude you have a customized version of KDE, some
> strange modifications on your end or this is a hoax of some sort (?!?).
>
> Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific
> vendor addition?
No such program exists as part of any official KDE release nor the
KDE CVS repository, to my knowledge.
Simon Hausmann
- application/pgp-signature attachment: stored
- Previous message: Mark A. Rowe (PenTest): "[VulnWatch] Tivoli TMF ManagedNode Buffer Overflow"
- Maybe in reply to: D4rkGr3y: "[VulnWatch] 5 bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
