KDE kjs Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1015512
SecurityTracker URL: http://securitytracker.com/id?1015512
CVE Reference: CVE-2006-0019
Date: Jan 19 2006
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: KDE Security Advisory
Version(s): 3.2.0 up to and including 3.5.0
Description: A vulnerability was reported in kjs, the KDE JavaScript interpreter engine. A remote user can cause arbitrary code to be executed on the target system.
The kjs engine's encodeURI() and decodeURI() functions contain a heap overflow that can be triggered when decoding specially crafted UTF-8 encoded URI sequences. A remote user can create JavaScript in HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Maksim Orlovich discovered this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued the following patches.
Patch for KDE 3.4.0 - 3.5.0 is available from ftp://ftp.kde.org/pub/kde/security_patches :
ecc0ec13ce3b06e94e35aa8e937e02bf post-3.4.3-kdelibs-kjs.diff
Patch for KDE 3.2.0 - 3.3.2 is available from ftp://ftp.kde.org/pub/kde/security_patches :
9bca9b44ca2d84e3b2f85ffb5d30e047 post-3.2.3-kdelibs-kjs.diff
The vendor's advisory is available at:
http://www.kde.org/info/security/advisory-20060119-1.txt
Vendor URL: www.kde.org/info/security/advisory-20060119-1.txt
Cause: Boundary error
Underlying OS: Linux (Any)
Source Message Contents
Date: Thu, 19 Jan 2006 15:50:20 -0500
Subject: http://www.kde.org/info/security/advisory-20060119-1.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
Original Release Date: 2006-01-19
URL: http://www.kde.org/info/security/advisory-20060119-1.txt

0. References
CVE-2006-0019

1. Systems affected:
KDE 3.2.0 up to including KDE 3.5.0

2. Overview:
Maksim Orlovich discovered an incorrect bounds check in kjs,
the JavaScript interpreter engine used by Konqueror and other
parts of KDE, that allows a heap based buffer overflow
when decoding specially crafted UTF-8 encoded URI sequences.

3. Impact:
Remotely supplied Javascript code can perform a heap overflow
and crash the web browser or execute arbitrary code.

4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.

5. Patch:
Patch for KDE 3.4.0 - 3.5.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
ecc0ec13ce3b06e94e35aa8e937e02bf post-3.4.3-kdelibs-kjs.diff
Patch for KDE 3.2.0 - 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
9bca9b44ca2d84e3b2f85ffb5d30e047 post-3.2.3-kdelibs-kjs.diff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDz7rnvsXr+iuy1UoRArVYAJ9kKtfYEN5eeGwWte5bdQYG8ERJzQCgmmUl
/D5h2/3xq+vdxpiEndj+4W8=
=iKoQ
-----END PGP SIGNATURE-----