[26178] in bugtraq
Re: [VulnWatch] 5 bugs
daemon@ATHENA.MIT.EDU (Simon Hausmann)
Mon Jul 15 14:31:36 2002
Date: Mon, 15 Jul 2002 19:04:49 +0200
From: Simon Hausmann <hausmann@kde.org>
To: Kurt Seifried <kurt@seifried.org>
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Message-ID: <20020715170449.GA11927@master.kde.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
In-Reply-To: <004601c22bc9$4dc06330$1400020a@chaser>
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jul 15, 2002 at 12:31:51AM -0600, Kurt Seifried wrote:
> From: "D4rkGr3y" <grey_1999@mail.ru>
> To: <bugtraq@securityfocus.com>; <vulnwatch@vulnwatch.org>
> Sent: Friday, July 12, 2002 12:35 PM
> Subject: [VulnWatch] 5 bugs
>=20
>=20
> > 5. KDE v.3.*
> > Buffer overflow in file kdeCMD.
> > Exploits:
> > ./kdeCMD -f [129b] - system crash
> > ./kdeCMD -f [128b] + [shellcode] - local root
> > Bug exists in all versions, that have file "kdeCMD" (not all versions
> > have this file).
>=20
> Where does this kdeCMD come from? No mention on google. No mention on
> kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upp=
er
> or
> lower), grepping all the source code for kdecmd (using case insensitive)
> returns
> nothing. I can only conclude you have a customized version of KDE, some
> strange modifications on your end or this is a hoax of some sort (?!?).
>=20
> Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specif=
ic
> vendor addition?
No such program exists as part of any official KDE release nor the
KDE CVS repository, to my knowledge.
Simon Hausmann
--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9MwCxWXvMThJCpvIRAvvXAJ9hVm346FIUNwcY1s7cLDwR3RqeWQCgn/QY
it6S9C4yF+IycYpExenMHT4=
=MvqX
-----END PGP SIGNATURE-----
--7JfCtLOvnd9MIVvH--
