KDE kdepim VCF Reader Buffer Overflow Lets Users Execute Arbitrary Commands
SecurityTracker Alert ID: 1008715
SecurityTracker URL: http://securitytracker.com/id/1008715
CVE Reference: CAN-2003-0988
Updated: Jan 15 2004
Original Entry Date: Jan 14 2004
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): KDE 3.1.0 - 3.1.4
Description:
A buffer overflow vulnerability was reported in the kdepim component of KDE. A local or remote user can cause a target user to execute arbitrary commands.
It is reported that the KDE team discovered a buffer overflow in the reading of '.VCF' files. A local or remote user can create a specially crafted .VCF file that, when read by the target user's kdepim, will cause arbitrary commands to be executed on the target user's system. The commands will run with the privileges of the target user.
It is reported that file information reading is disabled by default for remote files. However, if the target user has enabled previews for remote files, then this flaw may be exploited by remote users.
The following notification timeline is provided:
15/12/2003 KDE developer Dirk Mueller discovers vulnerability.
15/12/2003 Patches for the vulnerability are applied to CVS and release preparations for KDE 3.1.5 are started.
14/01/2004 Public advisory.
Impact:
A user can create a VCF file that, when viewed by the target user, will cause arbitrary code to be executed on the target user's computer with the privileges of the target user.
Solution:
The vendor has issued a fixed version of KDE (3.1.5), available at:
http://www.kde.org/download/
A patch for KDE 3.1.4 is available at:
ftp://ftp.kde.org/pub/kde/security_patches
26469366cc393e50ff80d6dca8c74c58 post-3.1.4-kdepim-kfile-plugins.diff
As a workaround, the vendor reports that you can remove the 'kfile_vcf.desktop' file.
Vendor URL: www.kde.org/info/security/advisory-20040114-1.txt
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Source Message Contents
Date: Wed, 14 Jan 2004 09:50:54 -0500
Subject: http://www.kde.org/info/security/advisory-20040114-1.txt
http://www.kde.org/info/security/advisory-20040114-1.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
KDE Security Advisory: VCF file information reader vulnerability
Original Release Date: 2004-01-14
URL: http://www.kde.org/info/security/advisory-20040114-1.txt
0. References
1. Systems affected:
All versions of kdepim as distributed with KDE versions 3.1.0
through 3.1.4 inclusive.
2. Overview:
The KDE team has found a buffer overflow in the file
information reader of VCF files.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0988 to this issue.
3. Impact:
A carefully crafted .VCF file potentially enables local attackers
to compromise the privacy of a victim's data or execute
arbitrary commands with the victim's privileges.
By default, file information reading is disabled for remote files.
However, if previews are enabled for remote files, remote
attackers may be able to compromise the victim's account.
4. Solution:
As a workaround, remove the kfile_vcf.desktop file.
Users of KDE 3.1.x are advised to upgrade to KDE 3.1.5. A patch for
KDE 3.1.4 is available for users who are unable to upgrade to
KDE 3.1.5.
5. Patch:
A patch for KDE 3.1.4 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
26469366cc393e50ff80d6dca8c74c58 post-3.1.4-kdepim-kfile-plugins.diff
6. Time line and credits:
15/12/2003 KDE developer Dirk Mueller discovers vulnerability.
15/12/2003 Patches for the vulnerability are applied to CVS and
release preparations for KDE 3.1.5 are started.
14/01/2004 Public advisory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFABUiwvsXr+iuy1UoRAmf2AKC4JiwDwfDXGME6SZkTF8sVqginEgCgisjC
MLH9/a8f1cFs0iJ2ebdiShM=
=Uoit
-----END PGP SIGNATURE-----