Executive Summary
Summary | |
---|---|
Title | New kdelibs packages fix buffer overflow |
Informations | |||
---|---|---|---|
Name | DSA-948 | First vendor Publication | 2005-01-20 |
Vendor | Debian | Last vendor Modification | 2005-01-20 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.4 For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your kdelibs package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-948 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11858 | |||
Oval ID: | oval:org.mitre.oval:def:11858 | ||
Title: | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||
Description: | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0019 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5012516.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-11 (KDE) File : nvt/glsa_200601_11.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 948-1 (kdelibs) File : nvt/deb_948_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-05 kdelibs File : nvt/esoft_slk_ssa_2006_045_05.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22659 | KDE kjs UTF-8 Encoded URI Processing Overflow A remote overflow exists in KDE. "kjs" fails to perform correct boundary checking when decoding UTF8-encoded javascript resulting in a heap overflow. With a specially crafted request, an attacker can execute arbitreaty code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-948.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0184.nasl - Type : ACT_GATHER_INFO |
2006-02-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-045-05.nasl - Type : ACT_GATHER_INFO |
2006-01-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200601-11.nasl - Type : ACT_GATHER_INFO |
2006-01-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-019.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-050.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_003.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-245-1.nasl - Type : ACT_GATHER_INFO |
2006-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0184.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:50 |
|