KDE KJS Encodeuri/Decodeuri Remote Heap Overflow Vulnerability

Vulnerability ID: 1196306 Vulnerability type: Buffer overflow
Published: 2006-01-20 Updated: 2007-01-02
CVE ID: CVE-2006-0019 CNNVD-ID: CNNVD-200601-260
Platform: N/A CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/16325
https://cxsecurity.com/issue/WLB-2006010051
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-260
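|Vulnerability details
KDE is a powerful open-source graphical desktop environment designed for UNIX workstations. KJS, the JavaScript interpreter engine used by Konqueror and other KDE components, contains a heap overflow vulnerability that a remote attacker may exploit to execute arbitrary code on the user's machine. The vulnerability is triggered when a UTF-8 encoded URI sequence crafted by an attacker is decoded, causing the web browser to crash or execute arbitrary code.
|Vulnerability EXP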
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
Original Release Date: 2006-01-19
URL: http://www.kde.org/info/security/advisory-20060119-1.txt

0. References
        CVE-2006-0019

1. Systems affected:

KDE 3.2.0 up to including KDE 3.5.0

2. Overview:

Maksim Orlovich discovered an incorrect bounds check in kjs,
        the JavaScript interpreter engine used by Konqueror and other
        parts of KDE, that allows a heap based buffer overflow
        when decoding specially crafted UTF-8 encoded URI sequences.

3. Impact:

Remotely supplied Javascript code can perform a heap overflow
        and crash the web browser or execute arbitrary code.

4. Solution:

Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

Patch for KDE 3.4.0 - 3.5.0 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

ecc0ec13ce3b06e94e35aa8e937e02bf  post-3.4.3-kdelibs-kjs.diff

Patch for KDE 3.2.0 - 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

9bca9b44ca2d84e3b2f85ffb5d30e047  post-3.2.3-kdelibs-kjs.diff

|Affected products
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu
|References

Source: BUGTRAQ
Name: 20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
Link: http://www.securityfocus.com/archive/1/archive/1/422464/100/0/threaded
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20060119-1.txt
Source: VUPEN
Name: ADV-2006-0265
Link: http://www.frsirt.com/english/advisories/2006/0265
Source: SECUNIA
Name: 18500
Link: http://secunia.com/advisories/18500
Source: ftp.kde.org
Link: ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
Source: UBUNTU
Name: USN-245-1
Link: http://www.ubuntu.com/usn/usn-245-1
Source: SUSE
Name: SUSE-SA:2006:003
Link: http://www.securityfocus.com/archive/1/archive/1/422489/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0184
Link: http://www.redhat.com/support/errata/RHSA-2006-0184.html
Source: GENTOO
Name: GLSA-200601-11
Link: http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml
Source: DEBIAN
Name: DSA-948
Link: http://www.debian.org/security/2006/dsa-948
Source: SECUNIA
Name: 18570
Link: http://secunia.com/advisories/18570
Source: SECUNIA
Name: 18561
Link: http://secunia.com/advisories/18561
Source: SECUNIA
Name: 185