首页 -> 安全研究
安全研究
安全漏洞
KDE个人信息管理套件VCF文件远程缓冲区溢出漏洞
发布日期:2004-01-15
更新日期:2004-01-30
受影响系统:
KDE KDE 3.1.4描述:
KDE KDE 3.1.3
KDE KDE 3.1.2
KDE KDE 3.1.1a
KDE KDE 3.1.1
KDE KDE 3.1
- Mandrake Linux 9.1
- RedHat Linux 9.0
BUGTRAQ ID: 9419
CVE(CAN) ID: CVE-2003-0988
KDE是一款免费开放源代码X桌面管理程序,KDE个人信息管理程序(kdepim)套件帮助用户管理EMAIL,任务和联系人等信息。
kdepim程序在处理VCF文件信息头时存在缓冲区溢出,远程攻击者可以利用这个漏洞构建恶意VCF文件,诱使用户打开而可能以进程权限执行任意指令。
目前没有详细漏洞细节提供。
<*来源:KDE security advisory
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000810
http://www.linux-mandrake.com/en/security/2004/2004-003.php
https://www.redhat.com/support/errata/RHSA-2004-006.html
http://www.debian.org/security/2003/dsa-238
*>
建议:
厂商补丁:
Conectiva
---------
http://www.debian.org/security/2003/dsa-238
Debian
------
Debian已经为此发布了一个安全公告(DSA-238-1)以及相应补丁:
DSA-238-1:New kdepim packages fix several vulnerabilities
链接:http://www.debian.org/security/2002/dsa-238
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.dsc
Size/MD5 checksum: 817 3a9b6d07e71b4a78fff95f1e0d5f3df1
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.diff.gz
Size/MD5 checksum: 104449 81c061d65307d74cb877766b57b22693
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2.orig.tar.gz
Size/MD5 checksum: 2426387 e090f1aad8ebd1a3ea1ecd42d51532f9
Alpha architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 109240 6c5235a3331c8d3a774f7830e048f3d8
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 22648 3a055bcaee8f6f88afe80b30e6f2211d
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 456832 578b1f4eac0aebac76e90fe4010fcfb9
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 716432 50b9d71558a64615f1392cbe93033355
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_alpha.deb
Size/MD5 checksum: 824996 27aa213fa013720f5f5a926aed891845
ARM architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_arm.deb
Size/MD5 checksum: 84314 8fbc92a65edc80b03d56629677366371
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_arm.deb
Size/MD5 checksum: 22646 7d035230f1ea1179e69ea25b167c7a96
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_arm.deb
Size/MD5 checksum: 362892 5261b05a017c810ec3a59aecb937f0b2
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_arm.deb
Size/MD5 checksum: 620202 c638b1d0ff98cd9d78ca3bb8ddebabee
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_arm.deb
Size/MD5 checksum: 724560 b4cb3ab202e12b3e4ce1180280b7b7c4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_i386.deb
Size/MD5 checksum: 84642 1cde319e7dc3939d6de153ebf9128140
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_i386.deb
Size/MD5 checksum: 22638 072fc2043003c57ee1288b461fe5080e
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb
Size/MD5 checksum: 359282 60abc8750287b7acd90aea5f96ad681c
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb
Size/MD5 checksum: 598284 3272ea2762c45f9a97c868433750bf6c
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_i386.deb
Size/MD5 checksum: 718354 6195ea202df4bf7895e4ab1d4ea6599c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 127432 1e767af46b537f450c90b90a57838b75
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 22638 03c37216be4a1abb7dafe8b2a50f03aa
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 570572 f08e48aa1974ed09b0a6c47755ce67d0
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 835716 bec4be6dd27d531d6fb750dbbdb1c46b
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_ia64.deb
Size/MD5 checksum: 934750 4e99292ff76e5a479493334e08fc9130
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 83214 757f6ab819882d9e343d6ce0d89188ef
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 22654 b5ed90d92e9b2c7129e63b37e62ef621
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 358008 6f392d9a4d5b2023bd3e07d1f7b76c75
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 603922 607c929b8cef38dc36a80afb052b0c35
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_m68k.deb
Size/MD5 checksum: 718006 daa16707658d414cfdca7fe733ef0d52
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mips.deb
Size/MD5 checksum: 97910 31149d82dcb3083d01f8c7517b2015e5
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mips.deb
Size/MD5 checksum: 22644 058da04155cde7131a7180a6a4344044
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mips.deb
Size/MD5 checksum: 358636 515217cc3e833710e408ce48a72a60fb
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mips.deb
Size/MD5 checksum: 609670 67fd35ad1b2d52ba94a05857bb1db109
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mips.deb
Size/MD5 checksum: 753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mipsel.deb
Size/MD5 checksum: 96896 402ca43606d340cf3321a94427072907
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mipsel.deb
Size/MD5 checksum: 22640 5a622f10523f96b078facae719331bff
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mipsel.deb
Size/MD5 checksum: 354500 17d31d36e4df790f94807547423f80a9
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mipsel.deb
Size/MD5 checksum: 601432 f4f0895538784636439876e0e9d50c57
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mipsel.deb
Size/MD5 checksum: 747728 66a47df6ee7a6bd4c592daf5e27a98d7
PowerPC architecture:
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_powerpc.deb
Size/MD5 checksum: 83602 b4447af57694f46b4529e25d455d9adf
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_powerpc.deb
Size/MD5 checksum: 22646 97b6c879dac3dc6964ac824ef06f9eae
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_powerpc.deb
Size/MD5 checksum: 378898 1b6470873c9f4fd72f9cda1807b9eeb7
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_powerpc.deb
Size/MD5 checksum: 619312 925ede2755bca091cbfa2d76f4fec7f2
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_powerpc.deb
Size/MD5 checksum: 706400 e5a8766555d252c21ad05622a0dbb096
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/k/kdepim/
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:003)以及相应补丁:
MDKSA-2004:003:Updated kdepim packages fix vulnerability
链接:http://www.linux-mandrake.com/en/security/2004/2004-003.php
补丁下载:
Updated Packages:
Mandrake Linux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kdepim-3.1-17.1.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm
Mandrake Linux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/kdepim-3.1-17.1.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm
Mandrake Linux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-common-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-common-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-korganizer-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-korganizer-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-kpilot-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-kpilot-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm
Mandrake Linux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-common-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-common-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-korganizer-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-korganizer-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-kpilot-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-kpilot-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2004:006-01)以及相应补丁:
RHSA-2004:006-01:Updated kdepim packages resolve security vulnerability
链接:https://www.redhat.com/support/errata/RHSA-2004-006.html
补丁下载:
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kdepim-3.1-6.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kdepim-3.1-6.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kdepim-devel-3.1-6.i386.rpm
浏览次数:3425
严重程度:0(网友投票)
绿盟科技给您安全的保障