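Vulnerability Details
KDE Personal Information Management Suite VCF File Remote Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200402-052
- Severity: High
- CVE ID: CVE-2003-0988
- Vulnerability type: Boundary condition error
- Published: 2004-01-15
- Threat type: Remote
- Updated: 2005-05-13
- Vendor: kde
- Vulnerability source: KDE security advis…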
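Vulnerability Summary
KDE is a free, open-source desktop environment for X. The KDE Personal Information Management (kdepim) suite helps users manage e-mail, tasks, contacts and similar information.
kdepim contains a buffer overflow in its handling of VCF file information headers. A remote attacker can exploit this by building a malicious VCF file and inducing a user to open it, which may lead to execution of arbitrary instructions with the privileges of the process.
No detailed vulnerability information is currently available.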
Vulnerability Advisory
Vendor patches:
Conectiva
———
http://www.debian.org/security/2003/dsa-238
Debian
——
Debian has released a security advisory (DSA-238-1) and corresponding patches for this issue:
DSA-238-1: New kdepim packages fix several vulnerabilities
Link: http://www.debian.org/security/2002/dsa-238
Patch downloads:
Source: US-CERT Vulnerability Note: VU#820798
Name: VU#820798
Link: http://www.kb.cert.org/vuls/id/820798
Source: BID
Name: 9419
Link: http://www.securityfocus.com/bid/9419
Source: REDHAT
Name: RHSA-2004:005
Link: http://www.redhat.com/support/errata/RHSA-2004-005.html
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20040114-1.txt
Source: BUGTRAQ
Name: 20040114 KDE Security Advisory: VCF file information reader vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Source: XF
Name: kde-kdepim-bo(14833)
Link: http://xforce.iss.net/xforce/xfdb/14833
Source: REDHAT
Name: RHSA-2004:006
Link: http://www.redhat.com/support/errata/RHSA-2004-006.html
Source: MANDRAKE
Name: MDKSA-2004:003
Link: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
Source: GENTOO
Name: GLSA-200404-02
Link: http://security.gentoo.org/glsa/glsa-200404-02.xml
Source: CONECTIVA
Name: CLA-2004:810
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
Source: US Government Resource: oval:org.mitre.oval:def:865
Name: oval:org.mitre.oval:def:865
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:865
Source: US Government Resource: oval:org.mitre.oval:def:858
Name: oval:org.mitre.oval:def:858
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:858