|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Simon Hausmann (hausmann_at_kde.org)
Date: Mon Jul 15 2002 - 12:04:49 CDT
On Mon, Jul 15, 2002 at 12:31:51AM -0600, Kurt Seifried wrote:
> From: "D4rkGr3y" <grey_1999
mail.ru>
> To: <bugtraqsecurityfocus.com>; <vulnwatchvulnwatch.org>
> Sent: Friday, July 12, 2002 12:35 PM
> Subject: [VulnWatch] 5 bugs
>
>
> > 5. KDE v.3.*
> > Buffer overflow in file kdeCMD.
> > Exploits:
> > ./kdeCMD -f [129b] - system crash
> > ./kdeCMD -f [128b] + [shellcode] - local root
> > Bug exists in all versions, that have file "kdeCMD" (not all versions
> > have this file).
>
> Where does this kdeCMD come from? No mention on google. No mention on
> kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper
> or
> lower), grepping all the source code for kdecmd (using case insensitive)
> returns
> nothing. I can only conclude you have a customized version of KDE, some
> strange modifications on your end or this is a hoax of some sort (?!?).
>
> Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific
> vendor addition?
No such program exists as part of any official KDE release nor the
KDE CVS repository, to my knowledge.
Simon Hausmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9MwCxWXvMThJCpvIRAvvXAJ9hVm346FIUNwcY1s7cLDwR3RqeWQCgn/QY
it6S9C4yF+IycYpExenMHT4=
=MvqX
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]