Bugtraq mailing list archives

Re: [VulnWatch] 5 bugs

From: "Kurt Seifried" <kurt () seifried org>
Date: Mon, 15 Jul 2002 00:31:51 -0600

From: "D4rkGr3y" <grey_1999 () mail ru>
To: <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>
Sent: Friday, July 12, 2002 12:35 PM
Subject: [VulnWatch] 5 bugs

5. KDE v.3.*
Buffer overflow in file kdeCMD.
Exploits:
./kdeCMD -f [129b] - system crash
./kdeCMD -f [128b] + [shellcode] - local root
Bug exists in all versions, that have file "kdeCMD" (not all versions
have this file).


Where does this kdeCMD come from? No mention on google. No mention on
kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper
or
lower), grepping all the source code for kdecmd (using case insensitive)
returns
nothing. I can only conclude you have a customized version of KDE, some
strange modifications on your end or this is a hoax of some sort (?!?).

Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific
vendor addition?

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Current thread:

5 bugs D4rkGr3y (Jul 12)
- Re: [VulnWatch] 5 bugs Kurt Seifried (Jul 15)
  - Re: [VulnWatch] 5 bugs Simon Hausmann (Jul 15)