KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.
11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
42812a15864105269027b14064b13deb20beeca385431654ec9eb079ccaf20c4KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a a NULL pointer dereference (crash) for non-debug builds.
bbe226f8526b19cff802b45793648da93e38d02f08a6eb41783cd101bf62423dKDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07bKDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected.
493de7dce7242b287dcc692387f2a132843559e38ab67417468d28a46688fab2KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.
1f20afd94b18f6fc594be62838d3e05a81cc8ec24978c70320608b5cd0e814d8KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.
0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237bKDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.
d4ff9986f62282d33972361b743f867876d6b8bc485e2d9d18a63c4368ccba80KDE Security Advisory: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. Affected are all KDE releases starting from KDE 3.2.0 up to including KDE 3.4.2.
e4126780e1718411fc8d987b510d320c1017a094f233983191e32430a74092d1KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that causes it to write a file in $TMPDIR with almost infinite size, which can severly impact system performance. Systems affected are KDE 3.3.1 up to and including KDE 3.4.1.
2be88a931bccf813356cdff44b2770b38780fa147899f88ce3aa27638c7b3866KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to including 3.4.1 are affected. KDE 3.2.x and older are not affected.
027346c8598e574fe798a52a6591511bfa26e78e5c41c50df090371a163a0bdeKDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. All maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.
4d95c4fecfc491d82b51de3f8a19f89ae29adc0d27944b76e89e62661e35a65dKDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
541b770d166d535ed31873d7fc040185169e96ce83b2851ceec63ccf5120c5feKDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.
15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon better known as dcopserver. Systems affected: All KDE version prior to KDE 3.4 on systems where multiple users have access.
4f12cb84df4ea525e8d75fed62c1760952046451f23e18cde30ede4ba590c810KDE Security Advisory: The fliccd binary, when installed suid root, is susceptible to various stack overflows that allow for privilege escalation.
53f9d6c926d6c422e9bb5f1534c99d3014efb5c7eeb48ef4e09227b1bc874c15KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
6b15ccf0b7bec83aa5472d69ac47e0982d0440956056b53788eaaf87744463e3KDE Security Advisory: KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session. Due to similarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email. Systems affected: All KDE releases up to including KDE 3.3.2.
4429ce691dd6dfc1eb15fafba3e0a37e86e5eae8b2d37f239250facce7ba3781KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
34a96e4ccfc6bc38f130061fe7d69adb1d54fb95e91f6eb8ea657e2605e23145KDE Security Advisory: Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not affected.
2ed5ada9061438c8f6796da3847fe6c906ed5e2cd6dc24c94bc73b1a1b3d2856KDE Security Advisory: The Konqueror web browser allows websites to load web pages into a window or tab currently used by another website. This vulnerability is similar to the Konqueror Frame Injection Vulnerability reported on 2004-08-11 but the solution offered as part of that advisory did not cover the window case. All versions of KDE up to KDE 3.3.2 inclusive.
bd90944bc6fea53957f0d736a631e5f342fff46772ca4a399b462dae49e662f3KDE Security Advisory - Konqueror suffers from a Cross-Domain Cookie Injection vulnerability.
b677033eae041feccfc0d629be666a7a4a676bbb34a2b617d81f358a7e7b56b9KDE Security Advisory - The Konqueror webbrowser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open. A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.
b7ff3009fd3623b629ad1c23d4c939e8d8d86da8e264bc838bb07aa33d69cf78KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication related purposes this can potentially allow a local attacker to compromise the account of any user which runs a KDE application. Affected are version KDE 3.2.x up to KDE 3.2.3 inclusive.
650cf7c1856dd61b02738370add6ac1637635e590a07b095095cc7e81d599a31KDE Security Advisory - The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service). All versions of KDE up to KDE 3.2.3 inclusive.
ca4d4d4bce4848177851839010191e887247b3048ad18fc61311b63b0761a215
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed