From: "D4rkGr3y" <grey_1999@mail.ru> To: <bugtraq@securityfocus.com>; <vulnwatch@vulnwatch.org> Sent: Friday, July 12, 2002 12:35 PM Subject: [VulnWatch] 5 bugs > 5. KDE v.3.* > Buffer overflow in file kdeCMD. > Exploits: > ./kdeCMD -f [129b] - system crash > ./kdeCMD -f [128b] + [shellcode] - local root > Bug exists in all versions, that have file "kdeCMD" (not all versions > have this file). Where does this kdeCMD come from? No mention on google. No mention on kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper or lower), grepping all the source code for kdecmd (using case insensitive) returns nothing. I can only conclude you have a customized version of KDE, some strange modifications on your end or this is a hoax of some sort (?!?). Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific vendor addition? Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/
