KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200404-02 / kde-base/kde
Release Date: April 06, 2004
Latest Revision: April 06, 2004: 01
Impact: high
Exploitable: remote

Package       Vulnerable versions   Unaffected versions   Architecture(s)
kde-base/kde  <= 3.1.4              >= 3.1.5              All supported architectures

Related bugreports: #38256

Synopsis

KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

2.  Impact Information

Background

KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts.

Description

A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system.

Impact

A remote attacker may gain unauthorized access to a user's personal data or execute commands with the user's privileges.

3.  Resolution Information

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

KDE users should upgrade to version 3.1.5 or later:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"
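
A check for the version ranges listed in this advisory, as an added example that is not part of the original advisory: it reads Portage's installed-package database (assumed to be at /var/db/pkg) and classifies each kde-base/kde version it finds. The function names are hypothetical, and versions carrying a suffix such as _beta1 are reported as unknown for manual review.

```shell
#!/bin/sh
# Added example: classify installed kde-base/kde versions against this
# advisory's ranges (vulnerable <= 3.1.4, unaffected >= 3.1.5).
FIXED=3.1.5   # first unaffected version, from the advisory

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0} y=${y:-0}        # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                        # equal versions are not "older"
}

# kde_status VERSION: print vulnerable, unaffected or unknown.
kde_status() {
    v=${1%-r[0-9]*}                 # drop a Gentoo revision: 3.1.4-r1 -> 3.1.4
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*)    # suffixes such as _beta1 need manual review
            echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# scan_installed [DIR]: report each kde-base/kde recorded under DIR.
# Assumption: Portage's installed-package database is at /var/db/pkg.
scan_installed() {
    db=${1:-/var/db/pkg}
    for d in "$db"/kde-base/kde-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/kde-}
        echo "kde-base/kde-$ver $(kde_status "$ver")"
    done
}

scan_installed "${PKGDB:-/var/db/pkg}"
```

Any line ending in "vulnerable" identifies an installation that still needs the upgrade shown in Code Listing 3.1.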

4.  References



Page updated April 06, 2004

Copyright 2001-2014 Gentoo Foundation, Inc.