Vulnerabilities > CVE-2006-6297 - Resource Management Errors vulnerability in KDE Kdegraphics 3.2/3.4.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200701-05.NASL description The remote host is affected by the vulnerability described in GLSA-200701-05 (KDE kfile JPEG info plugin: Denial of Service) Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin. Impact : A remote attacker could entice a user to view a specially crafted JPEG image with a KDE application like Konqueror or digiKam, leading to a Denial of Service by an infinite recursion. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24203 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24203 title GLSA-200701-05 : KDE kfile JPEG info plugin: Denial of Service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200701-05. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24203); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-6297"); script_xref(name:"GLSA", value:"200701-05"); script_name(english:"GLSA-200701-05 : KDE kfile JPEG info plugin: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200701-05 (KDE kfile JPEG info plugin: Denial of Service) Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin. Impact : A remote attacker could entice a user to view a specially crafted JPEG image with a KDE application like Konqueror or digiKam, leading to a Denial of Service by an infinite recursion. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200701-05" ); script_set_attribute( attribute:"solution", value: "All KDE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=kde-base/kdegraphics-kfile-plugins-3.5.5-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kdegraphics-kfile-plugins"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"kde-base/kdegraphics-kfile-plugins", unaffected:make_list("ge 3.5.5-r1"), vulnerable:make_list("lt 3.5.5-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "KDE kfile JPEG info plugin"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-227.NASL description Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24610 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24610 title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:227) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:227. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24610); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-6297"); script_xref(name:"MDKSA", value:"2006:227"); script_name(english:"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:227)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kcolorchooser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kcoloredit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kdvi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kfax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kiconedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kolourpaint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kruler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kuickshow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-common-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kcolorchooser-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kcoloredit-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kdvi-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kfax-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kghostview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kiconedit-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kolourpaint-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kooka-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kpdf-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kpovmodeler-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kruler-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-ksnapshot-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-ksvg-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kuickshow-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-kview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kdegraphics-mrmlsearch-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-common-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-common-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdegraphics0-kview-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-common-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-common-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kghostview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kghostview-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kooka-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kooka-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-ksvg-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-ksvg-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kview-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdegraphics0-kview-devel-3.5.4-7.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-12-19 |
| organization | Red Hat |
| statement | We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue. |
References
- http://secunia.com/advisories/23203
- http://secunia.com/advisories/23213
- http://secunia.com/advisories/23300
- http://secunia.com/advisories/23728
- http://security.gentoo.org/glsa/glsa-200701-05.xml
- http://securitytracker.com/id?1017325
- http://www.kde.org/info/security/advisory-20061129-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:227
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/bid/21384
- http://www.vupen.com/english/advisories/2006/4810