Multiple Buffer Overflow Vulnerabilities in KPdf and KWord

Vulnerability ID: 1196441
Vulnerability type: Boundary condition error
Published: 2006-01-05
Updated: 2007-02-07
CVE ID: CVE-2006-0746
CNNVD-ID: CNNVD-200603-124
Platform: N/A
CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006030059
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-124
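|Vulnerability details
KPdf is the KDE-based PDF viewer bundled in the kdegraphics package, and KWord is the KDE-based word processor bundled in the koffice package. Both KPdf and KWord include Xpdf code for handling PDF files, and that Xpdf code contains several heap overflows and integer overflows. If an attacker can trick a user into opening a specially crafted PDF file with KPdf or KWord, arbitrary code can be executed with the privileges of the affected application.
|Vulnerability EXP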
KDE Security Advisory: kpdf/xpdf heap based buffer overflow
Original Release Date: 2006-03-10
URL: http://www.kde.org/info/security/advisory-20060202-1.txt

0. References
        CVE-2006-0746

1. Systems affected:

        KDE 3.3.2 with patch from CVE-2005-3627 applied. Please
        note that the patch for KDE 3.4.x and newer was correct and
        is unaffected.

2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple vulnerabilities, one of them being CVE-2005-3627,
        that was patched in the KDE security advisory 20051207-2.
        However, the patch published for KDE 3.3.x was faulty and
        only partially fixed the vulnerability. We'd like to thank
        Marcelo Ricardo Leitner for bringing this error to our attention.
        The Common Vulnerabilities and Exposures project has assigned
        CVE-2006-0746 to this issue.

3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        Patch for KDE 3.3.2 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

ea346b89a3b39915abbfd56841b9df23  post-3.3.2-kdegraphics-CVE-2006-0746.diff

-- 
Dirk
|References

Source: MANDRIVA
Name: MDKSA-2006:054
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:054
Source: XF
Name: kde-kpdf-patch-bo(25146)
Link: http://xforce.iss.net/xforce/xfdb/25146
Source: BID
Name: 17039
Link: http://www.securityfocus.com/bid/17039
Source: BUGTRAQ
Name: 20060310 [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow
Link: http://www.securityfocus.com/archive/1/archive/1/427299/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0262
Link: http://www.redhat.com/support/errata/RHSA-2006-0262.html
Source: MANDRIVA
Name: MDKSA-2006:054
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:054
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20060202-1.txt
Source: DEBIAN
Name: DSA-1008
Link: http://www.debian.org/security/2006/dsa-1008
Source: SECTRACK
Name: 1015751
Link: http://securitytracker.com/id?1015751
Source: SREASON
Name: 566
Link: http://securityreason.com/securityalert/566
Source: SECUNIA
Name: 19264
Link: http://secunia.com/advisories/19264
Source: SECUNIA
Name: 19190
Link: http://secunia.com/advisories/19190
Source: SECUNIA
Name: 19189
Link: http://