Re: [VulnWatch] 5 bugs
From: Kurt Seifried (kurt@seifried.org)Date: 07/15/02
- Previous message: Pete Davis: "Re: Cisco VPN3000 gateway MTU overflow"
- In reply to: D4rkGr3y: "5 bugs"
- Next in thread: Simon Hausmann: "Re: [VulnWatch] 5 bugs"
- Reply: Simon Hausmann: "Re: [VulnWatch] 5 bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kurt Seifried" <kurt@seifried.org> To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org> Date: Mon, 15 Jul 2002 00:31:51 -0600
From: "D4rkGr3y" <grey_1999@mail.ru>
To: <bugtraq@securityfocus.com>; <vulnwatch@vulnwatch.org>
Sent: Friday, July 12, 2002 12:35 PM
Subject: [VulnWatch] 5 bugs
> 5. KDE v.3.*
> Buffer overflow in file kdeCMD.
> Exploits:
> ./kdeCMD -f [129b] - system crash
> ./kdeCMD -f [128b] + [shellcode] - local root
> Bug exists in all versions, that have file "kdeCMD" (not all versions
> have this file).
Where does this kdeCMD come from? No mention on google. No mention on
kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper
or
lower), grepping all the source code for kdecmd (using case insensitive)
returns
nothing. I can only conclude you have a customized version of KDE, some
strange modifications on your end or this is a hoax of some sort (?!?).
Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific
vendor addition?
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
- Previous message: Pete Davis: "Re: Cisco VPN3000 gateway MTU overflow"
- In reply to: D4rkGr3y: "5 bugs"
- Next in thread: Simon Hausmann: "Re: [VulnWatch] 5 bugs"
- Reply: Simon Hausmann: "Re: [VulnWatch] 5 bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
