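Vulnerability Details
KDE Personal Information Management Suite VCF File Remote Buffer Overflow Vulnerability
Vulnerability Summary
KDE is a free, open-source X desktop manager. The KDE personal information management (kdepim) suite helps users manage e-mail, tasks, contacts and similar information. kdepim has a buffer overflow when it processes the information header of a VCF file. A remote attacker can exploit this by crafting a malicious VCF file and luring a user into opening it, which may allow arbitrary instructions to be executed with the privileges of the process. No detailed vulnerability details are currently available.
Vulnerability Advisory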
Vendor patches:
Conectiva
---------
http://www.debian.org/security/2003/dsa-238
Debian
------
Debian has released a security advisory (DSA-238-1) and corresponding patches for this issue:
DSA-238-1: New kdepim packages fix several vulnerabilities
Link: http://www.debian.org/security/2002/dsa-238
Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.dsc
Size/MD5 checksum: 817 3a9b6d07e71b4a78fff95f1e0d5f3df1
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.diff.gz
Size/MD5 checksum: 104449 81c061d65307d74cb877766b57b22693
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2.orig.tar.gz
Size/MD5 checksum: 2426387 e090f1aad8ebd1a3ea1ecd42d51532f9
Alpha architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 109240 6c5235a3331c8d3a774f7830e048f3d8
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 22648 3a055bcaee8f6f88afe80b30e6f2211d
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 456832 578b1f4eac0aebac76e90fe4010fcfb9
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 716432 50b9d71558a64615f1392cbe93033355
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 824996 27aa213fa013720f5f5a926aed891845
ARM architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_arm.deb
Size/MD5 checksum: 84314 8fbc92a65edc80b03d56629677366371
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_arm.deb
Size/MD5 checksum: 22646 7d035230f1ea1179e69ea25b167c7a96
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_arm.deb
Size/MD5 checksum: 362892 5261b05a017c810ec3a59aecb937f0b2
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_arm.deb
Size/MD5 checksum: 620202 c638b1d0ff98cd9d78ca3bb8ddebabee
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_arm.deb
Size/MD5 checksum: 724560 b4cb3ab202e12b3e4ce1180280b7b7c4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_i386.deb
Size/MD5 checksum: 84642 1cde319e7dc3939d6de153ebf9128140
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_i386.deb
Size/MD5 checksum: 22638 072fc2043003c57ee1288b461fe5080e
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb
Size/MD5 checksum: 359282 60abc8750287b7acd90aea5f96ad681c
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb
Size/MD5 checksum: 598284 3272ea2762c45f9a97c868433750bf6c
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_i386.deb
Size/MD5 checksum: 718354 6195ea202df4bf7895e4ab1d4ea6599c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 127432 1e767af46b537f450c90b90a57838b75
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 22638 03c37216be4a1abb7dafe8b2a50f03aa
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 570572 f08e48aa1974ed09b0a6c47755ce67d0
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 835716 bec4be6dd27d531d6fb750dbbdb1c46b
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 934750 4e99292ff76e5a479493334e08fc9130
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 83214 757f6ab819882d9e343d6ce0d89188ef
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 22654 b5ed90d92e9b2c7129e63b37e62ef621
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 358008 6f392d9a4d5b2023bd3e07d1f7b76c75
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 603922 607c929b8cef38dc36a80afb052b0c35
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 718006 daa16707658d414cfdca7fe733ef0d52
Big endian MIPS architecture:
References
- Source: US-CERT Vulnerability Note: VU#820798; Name: VU#820798; Link: http://www.kb.cert.org/vuls/id/820798
- Source: BID; Name: 9419; Link: http://www.securityfocus.com/bid/9419
- Source: REDHAT; Name: RHSA-2004:005; Link: http://www.redhat.com/support/errata/RHSA-2004-005.html
- Source: www.kde.org; Link: http://www.kde.org/info/security/advisory-20040114-1.txt
- Source: BUGTRAQ; Name: 20040114 KDE Security Advisory: VCF file information reader vulnerability; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
- Source: XF; Name: kde-kdepim-bo(14833); Link: http://xforce.iss.net/xforce/xfdb/14833
- Source: REDHAT; Name: RHSA-2004:006; Link: http://www.redhat.com/support/errata/RHSA-2004-006.html
- Source: MANDRAKE; Name: MDKSA-2004:003; Link: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
- Source: GENTOO; Name: GLSA-200404-02; Link: http://security.gentoo.org/glsa/glsa-200404-02.xml
- Source: CONECTIVA; Name: CLA-2004:810; Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
- Source: US Government Resource: oval:org.mitre.oval:def:865; Name: oval:org.mitre.oval:def:865; Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:865
- Source: US Government Resource: oval:org.mitre.oval:def:858; Name: oval:org.mitre.oval:def:858; Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:858
Affected entities
- Kde Kde:3.1.3
- Kde Kde:3.1.2
- Kde Kde:3.1.1
- Kde Kde:3.1.0
Patches
None available