SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   kdepim Vendors:   KDE.org
(Turbolinux Issues Fix) KDE kdepim VCF Reader Buffer Overflow Lets Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1008963
SecurityTracker URL:  http://securitytracker.com/id/1008963
CVE Reference:   CVE-2003-0988   (Links to External Site)
Date:  Feb 6 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): KDE 3.1.0 - 3.1.4
Description:   A buffer overflow vulnerability was reported in the kdepim component of KDE. A local or remote user can cause a target user to execute arbitrary commands.

It is reported that the KDE team discovered a buffer overflow in the reading of '.VCF' files. A local or remote user can create a specially crafted .VCF file that, when read by the target user's kdepim, will cause arbitrary commands to be executed on the target user's system. The commands will run with the privileges of the target user.

It is reported that file information reading is disabled by default for remote files. However, if the target user has enabled previews for remote files, then this flaw may be exploited by remote users.

The following notification timeline is provided:

15/12/2003 KDE developer Dirk Mueller discovers vulnerability.
15/12/2003 Patches for the vulnerability are applied to CVS and release preparations for KDE 3.1.5 are started.
14/01/2004 Public advisory.

Impact:   A user can create a VCF file that, when viewed by the target user, will cause arbitrary code to be executed on the target user's computer with the privileges of the target user.
Solution:   Turbolinux has issued a fix for Turbolinux 10 Desktop:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
3316207 0cc97ebfd9eb887b44da501d4f4818a3

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
2782266 3eda8516585fd991098d8386752aa790

Vendor URL:  www.kde.org/info/security/advisory-20040114-1.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  Turbolinux 10 Desktop

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2004 KDE kdepim VCF Reader Buffer Overflow Lets Users Execute Arbitrary Commands



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Feb/2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Feb/2004
============================================================

The following page contains the security information of Turbolinux Inc.

- - Turbolinux Security Center
 http://www.turbolinux.com/security/

(1) kdepim -> Buffer overflow

===========================================================
* kdepim -> Buffer overflow
===========================================================

 More information :
    kdepim is a collection of Personal Information Management (PIM) tools for
    the K Desktop Enviromnent (KDE).
    The KDE team has found a buffer overflow in the file information reader of VCF files.

 Impact :
    A carefully crafted .VCF file potentially enables local attackers
    to compromise the privacy of a victim's data or execute
    arbitrary commands with the victim's privileges.

 Affected Products :
    - Turbolinux 10 Desktop

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom -u kdepim
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
      3316207 0cc97ebfd9eb887b44da501d4f4818a3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
      2782266 3eda8516585fd991098d8386752aa790


 References :

 KDE Security Advisory
   http://www.kde.org/info/security/advisory-20040114-1.txt

 CVE
   [CAN-2003-0988]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988


* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

 http://www.turbolinux.com/download/zabom.html
 http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update


============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAIioSK0LzjOqIJMwRAtxAAJ4jSx1xU7V0YkXWdVUpf2AAPqrEbwCePsnG
kvMSzgseizDeLxTH5qj2tjc=
=HBSS
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC