On Mon, Jul 15, 2002 at 12:31:51AM -0600, Kurt Seifried wrote:
> From: "D4rkGr3y" <grey_1999@mail.ru>
> To: <bugtraq@securityfocus.com>; <vulnwatch@vulnwatch.org>
> Sent: Friday, July 12, 2002 12:35 PM
> Subject: [VulnWatch] 5 bugs
>
> > 5. KDE v.3.*
> > Buffer overflow in file kdeCMD.
> > Exploits:
> > ./kdeCMD -f [129b] - system crash
> > ./kdeCMD -f [128b] + [shellcode] - local root
> > Bug exists in all versions, that have file "kdeCMD" (not all versions
> > have this file).
>
> Where does this kdeCMD come from? No mention on google. No mention on
> kde.org. the 3.0.2 sourcecode tarballs contain no files named kdecmd (upper
> or lower), grepping all the source code for kdecmd (using case insensitive)
> returns nothing. I can only conclude you have a customized version of KDE,
> some strange modifications on your end or this is a hoax of some sort (?!?).
>
> Can anyone from KDE comment? Was this removed in 3.0.2? Is it some specific
> vendor addition?

No such program exists as part of any official KDE release nor the KDE CVS
repository, to my knowledge.

Simon Hausmann