KDE kvt格式化字符串漏洞

漏洞信息详情

KDE kvt格式化字符串漏洞

• CNNVD编号：CNNVD-200012-106
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0918
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2000-12-19
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  kde
• 漏洞来源：
  Posted to Bugtraq …

KDE 1.1.2版本的kvt存在格式化字符串漏洞。本地用户借助包含格式化字符的DISPLAY环境变量执行任意命令。

Carlos Eduardo Gorges has supplied a patch he wrote that will fix the problem in his post to Bugtraq. Since kvt is no longer supported and will be obsoleted when KDE 2.0 is released, it is suggested that users use this patch.
KDE kvt 1.1.2
@techlinux.com.br>

• Carlos Eduardo Gorges kvt-diff.gzUse patch(1) to apply this diff file to the kvt source tree.
  
  http://www.securityfocus.com/data/vulnerabilities/patches/kvt-diff.gz@techlinux.com.br>

来源: BID
名称: 1700
链接:http://www.securityfocus.com/bid/1700

来源: BUGTRAQ
名称: 20000919 kvt format bug
链接:http://www.securityfocus.com/archive/1/83914