[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 321/05 -Two KDE Security Advisories:
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 321/05 dated 22.04.05 Time: 14:58
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Two KDE Security Advisories:
1. kimgio input validation errors
2. Kommander untrusted code execution
Detail
======
1. kimgio contains a PCX image file format reader that does
not properly perform input validation. A source code audit
performed by the KDE security team discovered several
vulnerabilities in the PCX and other image file format
readers, some of them exploitable to execute arbitrary
code.
2. Kommander is a visual editor and interpreter to edit and
interpret visual dialogs and execute scripts attached to
dialog actions. Kommander executes without user confirmation data files
from possibly untrusted locations. As they contain scripts, the
user might accidentally run arbitrary code.
1.
KDE Security Advisory: kimgio input validation errors
Original Release Date: 2005-04-21
URL: http://www.kde.org/info/security/advisory-20050421-1.txt
0. References
http://bugs.kde.org/102328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
1. Systems affected:
kdelibs as shipped with KDE 3.2 up to including KDE 3.4.
2. Overview:
kimgio contains a PCX image file format reader that does
not properly perform input validation. A source code audit
performed by the KDE security team discovered several
vulnerabilities in the PCX and other image file format
readers, some of them exploitable to execute arbitrary
code.
3. Impact:
Remotly supplied, specially crafted image files can be used
to execute arbitrary code.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
A patch for KDE 3.4.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
78473d4dad612e6617eb6652eec2ab80 post-3.4.0-kdelibs-kimgio.diff
A patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
8366d0e5c8101c315a0bdafac54536d6 post-3.3.2-kdelibs-kimgio.diff
6. Time line and credits:
24/03/2005 Notification of KDE by Bruno Rohee
21/04/2005 Coordinated Public Disclosure
2.
KDE Security Advisory: Kommander untrusted code execution
Original Release Date: 2005-04-20
URL: http://www.kde.org/info/security/advisory-20050420-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0754
1. Systems affected:
Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0.
2. Overview:
Kommander is a visual editor and interpreter to edit and
interpret visual dialogs and execute scripts attached to
dialog actions.
Kommander executes without user confirmation data files
from possibly untrusted locations. As they contain
scripts, the user might accidentally run arbitrary code.
3. Impact:
Remotly supplied kommander files from untrusted sources
are executed without confirmation.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
A patch for KDE 3.4.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
c388b21d91c8326fc9757cd8786713db post-3.4.0-kdewebdev-kommander.diff
A patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
d210c07121c1ba3a97660a6e166738e6 post-3.3.2-kdewebdev-kommander.diff
6. Time line and credits:
13/03/2005 Notification of KDE security by Eckhart Worner
20/04/2005 Public Disclosure
_______________________________________________
kde-announce mailing list
kde-announce@xxxxxxx
https://mail.kde.org/mailman/listinfo/kde-announce
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of KDE for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBQmkCeopao72zK539AQG+AQQAiIWgHbQEvJOtE14XFR32jzOEwR5faNZ0
1AA8X7Ne7NzQdnWIeJ9lDJlBj4dPJvDfbR4q9QjQlkJd6U2tCn7aqYTN5Ht0D9+u
nK0Y9kRen07N8pWZVn3sNMg5esQ8miaxWJB1lRlL1MjkY6LCG/8s9DnikDPKdMyV
rh+p1ZsXcwc=
=ieKs
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________