CVE-2005-0011 - Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support

CVE-2005-0011

Summary

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

References

Vulnerable Configurations

cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 05-09-2008 - 20:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20050215 [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
confirm	http://www.kde.org/info/security/advisory-20050215-1.txt
fedora	FEDORA-2005-148
gentoo	GLSA-200502-23
secunia	14306

Last major update

05-09-2008 - 20:45

Published

02-05-2005 - 04:00

Last modified

05-09-2008 - 20:45