CVE-2005-0011 - Unspecified vulnerability in KDE 3.3/3.3.1/3.3.2

CVSS 10.0 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Summary

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

Vulnerable Configurations

Part | Description | Count
OS   | Kde         | 3

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_0512B76170FB40D39954AA4565528FA8.NASL
    description: A KDE Security Advisory explains:
      Overview: KStars includes support for the Instrument Neutral Distributed Interface (INDI). The build system of this extra 3rd party software contained an installation hook to install fliccd (part of INDI) as SUID root application. Erik Sjolund discovered that the code contains several vulnerabilities that allow stack based buffer overflows.
      Impact: If the fliccd binary is installed as suid root, it enables root privilege escalation for local users, or, if the daemon is actually running (which it does not by default) and is running as root, remote root privilege escalation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18826
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18826
    title: FreeBSD : kstars -- exploitable set-user-ID application fliccd (0512b761-70fb-40d3-9954-aa4565528fa8)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200502-23.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200502-23 (KStars: Buffer overflow in fliccd). Erik Sjolund discovered a buffer overflow in fliccd which is part of the INDI support in KStars.
      Impact: An attacker could exploit this vulnerability to execute code with elevated privileges. If fliccd does not run as daemon remote exploitation of this vulnerability is not possible. KDE as shipped by Gentoo does not start the daemon in the default installation.
      Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17128
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17128
    title: GLSA-200502-23 : KStars: Buffer overflow in fliccd
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-148.NASL
    description:
      - Tue Feb 8 2005 Than Ngo <than at redhat.com> 3.3.1-2.3
        - More fixing of CVE-2005-0011 patch
      - Tue Feb 1 2005 Than Ngo <than at redhat.com> 3.3.1-2.2
        - Apply patch to fix buffer overflow in fliccd, CVE-2005-0011 (#146290)
        - replace kgeo (#142367)
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17137
    published: 2005-02-18
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17137
    title: Fedora Core 3 : kdeedu-3.3.1-2.3 (2005-148)