Bugtraq mailing list archives
Re: [VulnWatch] 5 bugs
From: Simon Hausmann <hausmann () kde org>
Date: Mon, 15 Jul 2002 19:04:49 +0200
On Mon, Jul 15, 2002 at 12:31:51AM -0600, Kurt Seifried wrote:
From: "D4rkGr3y" <grey_1999 () mail ru> To: <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org> Sent: Friday, July 12, 2002 12:35 PM Subject: [VulnWatch] 5 bugs5. KDE v.3.* Buffer overflow in file kdeCMD. Exploits: ./kdeCMD -f [129b] - system crash ./kdeCMD -f [128b] + [shellcode] - local root Bug exists in all versions, that have file "kdeCMD" (not all versions have this file).Where does this kdeCMD come from? No mention on google. No mention on kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper or lower), grepping all the source code for kdecmd (using case insensitive) returns nothing. I can only conclude you have a customized version of KDE, some strange modifications on your end or this is a hoax of some sort (?!?). Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific vendor addition?
No such program exists as part of any official KDE release nor the KDE CVS repository, to my knowledge. Simon Hausmann
Attachment:
_bin
Description:
Current thread:
- 5 bugs D4rkGr3y (Jul 12)
- Re: [VulnWatch] 5 bugs Kurt Seifried (Jul 15)
- Re: [VulnWatch] 5 bugs Simon Hausmann (Jul 15)
- Re: [VulnWatch] 5 bugs Kurt Seifried (Jul 15)