Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-200502-23.xml
blob: a614f07471bafe384bd13a46cc5f884161194fad (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200502-23">
  <title>KStars: Buffer overflow in fliccd</title>
  <synopsis>
    KStars is vulnerable to a buffer overflow that could lead to arbitrary code
    execution with elevated privileges.
  </synopsis>
  <product type="ebuild">kstars</product>
  <announced>2005-02-16</announced>
  <revised count="01">2005-02-16</revised>
  <bug>79585</bug>
  <access>remote and local</access>
  <affected>
    <package name="kde-base/kdeedu" auto="yes" arch="*">
      <unaffected range="ge">3.3.2-r1</unaffected>
      <vulnerable range="lt">3.3.2-r1</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    KDE is a feature-rich graphical desktop environment for Linux and
    Unix-like Operating Systems. KStars is a desktop planetarium for KDE.
    It includes support for the Instrument Neutral Distributed Interface
    (INDI).
    </p>
  </background>
  <description>
    <p>
    Erik Sjolund discovered a buffer overflow in fliccd which is part
    of the INDI support in KStars.
    </p>
  </description>
  <impact type="high">
    <p>
    An attacker could exploit this vulnerability to execute code with
    elevated privileges. If fliccd does not run as daemon remote
    exploitation of this vulnerability is not possible. KDE as shipped by
    Gentoo does not start the daemon in the default installation.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All KStars users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=kde-base/kdeedu-3.3.2-r1"</code>
  </resolution>
  <references>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011">CAN-2005-0011</uri>
  </references>
  <metadata tag="submitter" timestamp="2005-02-15T06:01:05Z">
    jaervosz
  </metadata>
  <metadata tag="bugReady" timestamp="2005-02-16T20:27:57Z">
    jaervosz
  </metadata>
</glsa>