[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi

2005-02-1600:00:00

vulners.com

EPSS

0.007

Percentile

81.1%

JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt

References

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011

Systems affected:
```
 KDE 3.3 up to including KDE 3.3.2.
```

Overview:

 KStars includes support for the Instrument Neutral Distributed
 Interface &#40;INDI&#41;. The build system of this extra 3rd party
 software contained an installation hook to install fliccd &#40;part
 of INDI&#41; as SUID root application. 

 Erik Sj&#246;lund discovered that the code contains several
 vulnerabilities that allow stack based buffer overflows.

Impact:

 If the fliccd binary is installed as suid root, it enables root
 privilege escalation for local users, or, if the daemon is
 actually running &#40;which it does not by default&#41; and is running
 as root, remote root privilege escalation.

Solution:

 Source code patches have been made available which fix these
 vulnerabilities. Contact your OS vendor / binary package provider
 for information about how to obtain updated binary packages.

Patch:

 A patch for 3.3.2 is available from 
 ftp://ftp.kde.org/pub/kde/security_patches :

 2b9c8330bec2c0dc6669ccc40b24dd70  post-3.3.2-kdeedu-kstars.diff

Time line and credits:
05/01/2005 Erik Sjölund notifies Debian Security.
07/01/2005 Martin Schulze from the Debian Security team
notifies KDE security team about the vulnerabilities.
09/01/2005 Dirk Mueller from KDE security team develops
a patch that addresses the discovered and similiar
vulnerabilities. Contacting Jasem Mutlaq, the
author of INDI.
21/01/2005 Regressions are discovered with the patch and
subsequently fixed over the next few days.
15/02/2005 Coordinated public disclosure.