KDE Personal Information Management Suite (kdepim) VCF File Remote Buffer Overflow Vulnerability

Release date: 2004-01-15
Updated: 2004-01-30

Affected systems:
KDE 3.1.4
KDE 3.1.3
KDE 3.1.2
KDE 3.1.1a
KDE 3.1.1
KDE 3.1
    - Mandrake Linux 9.1
    - RedHat Linux 9.0
Description:
BUGTRAQ  ID: 9419
CVE(CAN) ID: CVE-2003-0988

KDE is a free, open-source X desktop environment; its personal information management suite (kdepim) helps users manage email, tasks, contacts and similar data.

kdepim contains a buffer overflow in its handling of VCF file headers. A remote attacker can craft a malicious VCF file and entice a user to open it, which may lead to execution of arbitrary instructions with the privileges of the kdepim process.

No detailed vulnerability information is currently available.

<*Source: KDE security advisory
  
  Links: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000810
         http://www.linux-mandrake.com/en/security/2004/2004-003.php
         https://www.redhat.com/support/errata/RHSA-2004-006.html
         http://www.debian.org/security/2003/dsa-238
*>

Recommendations:
Vendor patches:

Conectiva
---------
http://www.debian.org/security/2003/dsa-238

Debian
------
Debian has released a security advisory (DSA-238-1) and corresponding patches:
DSA-238-1: New kdepim packages fix several vulnerabilities
Link: http://www.debian.org/security/2002/dsa-238

Patch download:

Source archives:

http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.dsc
Size/MD5 checksum:      817 3a9b6d07e71b4a78fff95f1e0d5f3df1
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.diff.gz
Size/MD5 checksum:   104449 81c061d65307d74cb877766b57b22693
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2.orig.tar.gz
Size/MD5 checksum:  2426387 e090f1aad8ebd1a3ea1ecd42d51532f9

Alpha architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_alpha.deb
Size/MD5 checksum:   109240 6c5235a3331c8d3a774f7830e048f3d8
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_alpha.deb
Size/MD5 checksum:    22648 3a055bcaee8f6f88afe80b30e6f2211d
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_alpha.deb
Size/MD5 checksum:   456832 578b1f4eac0aebac76e90fe4010fcfb9
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_alpha.deb
Size/MD5 checksum:   716432 50b9d71558a64615f1392cbe93033355
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_alpha.deb
Size/MD5 checksum:   824996 27aa213fa013720f5f5a926aed891845

ARM architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_arm.deb
Size/MD5 checksum:    84314 8fbc92a65edc80b03d56629677366371
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_arm.deb
Size/MD5 checksum:    22646 7d035230f1ea1179e69ea25b167c7a96
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_arm.deb
Size/MD5 checksum:   362892 5261b05a017c810ec3a59aecb937f0b2
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_arm.deb
Size/MD5 checksum:   620202 c638b1d0ff98cd9d78ca3bb8ddebabee
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_arm.deb
Size/MD5 checksum:   724560 b4cb3ab202e12b3e4ce1180280b7b7c4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_i386.deb
Size/MD5 checksum:    84642 1cde319e7dc3939d6de153ebf9128140
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_i386.deb
Size/MD5 checksum:    22638 072fc2043003c57ee1288b461fe5080e
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb
Size/MD5 checksum:   359282 60abc8750287b7acd90aea5f96ad681c
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb
Size/MD5 checksum:   598284 3272ea2762c45f9a97c868433750bf6c
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_i386.deb
Size/MD5 checksum:   718354 6195ea202df4bf7895e4ab1d4ea6599c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_ia64.deb
Size/MD5 checksum:   127432 1e767af46b537f450c90b90a57838b75
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_ia64.deb
Size/MD5 checksum:    22638 03c37216be4a1abb7dafe8b2a50f03aa
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_ia64.deb
Size/MD5 checksum:   570572 f08e48aa1974ed09b0a6c47755ce67d0
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_ia64.deb
Size/MD5 checksum:   835716 bec4be6dd27d531d6fb750dbbdb1c46b
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_ia64.deb
Size/MD5 checksum:   934750 4e99292ff76e5a479493334e08fc9130

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_m68k.deb
Size/MD5 checksum:    83214 757f6ab819882d9e343d6ce0d89188ef
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_m68k.deb
Size/MD5 checksum:    22654 b5ed90d92e9b2c7129e63b37e62ef621
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_m68k.deb
Size/MD5 checksum:   358008 6f392d9a4d5b2023bd3e07d1f7b76c75
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_m68k.deb
Size/MD5 checksum:   603922 607c929b8cef38dc36a80afb052b0c35
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_m68k.deb
Size/MD5 checksum:   718006 daa16707658d414cfdca7fe733ef0d52

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mips.deb
Size/MD5 checksum:    97910 31149d82dcb3083d01f8c7517b2015e5
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mips.deb
Size/MD5 checksum:    22644 058da04155cde7131a7180a6a4344044
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mips.deb
Size/MD5 checksum:   358636 515217cc3e833710e408ce48a72a60fb
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mips.deb
Size/MD5 checksum:   609670 67fd35ad1b2d52ba94a05857bb1db109
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mips.deb
Size/MD5 checksum:   753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mipsel.deb
Size/MD5 checksum:    96896 402ca43606d340cf3321a94427072907
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mipsel.deb
Size/MD5 checksum:    22640 5a622f10523f96b078facae719331bff
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mipsel.deb
Size/MD5 checksum:   354500 17d31d36e4df790f94807547423f80a9
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mipsel.deb
Size/MD5 checksum:   601432 f4f0895538784636439876e0e9d50c57
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mipsel.deb
Size/MD5 checksum:   747728 66a47df6ee7a6bd4c592daf5e27a98d7

PowerPC architecture:

http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_powerpc.deb
Size/MD5 checksum:    83602 b4447af57694f46b4529e25d455d9adf
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_powerpc.deb
Size/MD5 checksum:    22646 97b6c879dac3dc6964ac824ef06f9eae
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_powerpc.deb
Size/MD5 checksum:   378898 1b6470873c9f4fd72f9cda1807b9eeb7
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_powerpc.deb
Size/MD5 checksum:   619312 925ede2755bca091cbfa2d76f4fec7f2
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_powerpc.deb
Size/MD5 checksum:   706400 e5a8766555d252c21ad05622a0dbb096

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/k/kdepim/


Patch installation:

1. Install the patch packages manually:

  First, download the patch package with:
  # wget url  (url is the patch download link)

  Then install it with:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, refresh the local package database:
   # apt-get update
  
   Then install the updated packages:
   # apt-get upgrade
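The manual procedure above (wget, then dpkg -i) gives no way to notice a corrupted or tampered download before it is installed with root privileges. The script below is an added example, not part of the advisory or of any vendor's tooling: it wraps step 1 so that a package is only handed to dpkg after its size and MD5 digest match the values the advisory lists. The two packages named in the apply branch are the Debian i386 entries from this page; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: download a package from the advisory's list, check its
# size and MD5 against the advertised values, and only then hand it to
# dpkg. Nothing runs unless the script is invoked with the argument "apply",
# so it can be sourced safely.

# md5_of FILE -> prints the hex MD5 of FILE (md5sum, or openssl as fallback)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl md5 -r "$1" | cut -d' ' -f1
    fi
}

# verify_package FILE SIZE MD5 -> 0 only if both the byte size and digest match
verify_package() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $got_size, expected $want_size" >&2
        return 1
    fi
    got_md5=$(md5_of "$file")
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch for $file: got $got_md5, expected $want_md5" >&2
        return 1
    fi
    return 0
}

# fetch_and_install URL SIZE MD5 -> step 1 of the advisory with a check in
# between: wget, verify, then dpkg -i; a failed check deletes the download.
fetch_and_install() {
    url=$1; size=$2; md5=$3
    name=${url##*/}
    wget -q -O "$name" "$url" || { echo "download failed: $url" >&2; return 1; }
    verify_package "$name" "$size" "$md5" || { rm -f "$name"; return 1; }
    dpkg -i "$name"
}

if [ "${1:-}" = "apply" ]; then
    # Sizes and digests copied from the Intel IA-32 section of this advisory.
    fetch_and_install http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb 359282 60abc8750287b7acd90aea5f96ad681c
    fetch_and_install http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb 598284 3272ea2762c45f9a97c868433750bf6c
fi
```

Run it as root with `sh install-kdepim.sh apply`; a size or digest mismatch is reported on stderr, the file is removed and dpkg is never reached. Checking the size first is cheap and catches truncated transfers before hashing the whole file.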

MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2004:003) and corresponding patches:
MDKSA-2004:003: Updated kdepim packages fix vulnerability
Link: http://www.linux-mandrake.com/en/security/2004/2004-003.php

Patch download:

Updated Packages:

Mandrake Linux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kdepim-3.1-17.1.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/kdepim-3.1-17.1.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

Mandrake Linux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-common-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-common-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-korganizer-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-korganizer-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-kpilot-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libkdepim2-kpilot-devel-3.1.3-22.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm

Mandrake Linux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-common-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-common-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-korganizer-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-korganizer-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-kpilot-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64kdepim2-kpilot-devel-3.1.3-22.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm

The updated packages above can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php

RedHat
------
RedHat has released a security advisory (RHSA-2004:006-01) and corresponding patches:
RHSA-2004:006-01: Updated kdepim packages resolve security vulnerability
Link: https://www.redhat.com/support/errata/RHSA-2004-006.html

Patch download:

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kdepim-3.1-6.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/kdepim-3.1-6.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kdepim-devel-3.1-6.i386.rpm

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.