CVE-2005-0011 - Unspecified vulnerability in KDE 3.3/3.3.1/3.3.2
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
Nessus
NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_0512B76170FB40D39954AA4565528FA8.NASL
description: A KDE Security Advisory explains :
  Overview: KStars includes support for the Instrument Neutral Distributed Interface (INDI). The build system of this extra 3rd party software contained an installation hook to install fliccd (part of INDI) as SUID root application. Erik Sjolund discovered that the code contains several vulnerabilities that allow stack based buffer overflows.
  Impact: If the fliccd binary is installed as suid root, it enables root privilege escalation for local users, or, if the daemon is actually running (which it does not by default) and is running as root, remote root privilege escalation.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18826
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18826
title: FreeBSD : kstars -- exploitable set-user-ID application fliccd (0512b761-70fb-40d3-9954-aa4565528fa8)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200502-23.NASL
description: The remote host is affected by the vulnerability described in GLSA-200502-23 (KStars: Buffer overflow in fliccd)
  Erik Sjolund discovered a buffer overflow in fliccd which is part of the INDI support in KStars.
  Impact : An attacker could exploit this vulnerability to execute code with elevated privileges. If fliccd does not run as daemon remote exploitation of this vulnerability is not possible. KDE as shipped by Gentoo does not start the daemon in the default installation.
  Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17128
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17128
title: GLSA-200502-23 : KStars: Buffer overflow in fliccd

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-148.NASL
description:
  - Tue Feb 8 2005 Than Ngo <than at redhat.com> 3.3.1-2.3
    - More fixing of CVE-2005-0011 patch
  - Tue Feb 1 2005 Than Ngo <than at redhat.com> 3.3.1-2.2
    - Apply patch to fix buffer overflow in fliccd, CVE-2005-0011 (#146290)
    - replace kgeo (#142367)
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17137
published: 2005-02-18
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17137
title: Fedora Core 3 : kdeedu-3.3.1-2.3 (2005-148)