Bug 113007 - CAN-2003-0988 kdepim VCF parsing vulnerability
CAN-2003-0988 kdepim VCF parsing vulnerability
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kdepim (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
Ben Levenson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-07 05:05 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-01-14 09:46:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-01-07 05:05:24 EST
The KDE team found a buffer overflow in the file information reader of
VCF files. An attacker could construct a VCF file so that when it was
opened by a victim it would execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0988 to this issue.

        CAN-2003-0988 Affects: 3AS 3ES 3WS 

Note the kdepim packages in RHEL 2.1 are not affected by this issue.

RHSA-2004:005 will provide updated packages with a backported security
patch.

This issue is under embargo and will be opened on January 14th 2004.
Comment 1 Mark J. Cox (Product Security) 2004-01-14 09:46:39 EST
Fixed, see http://rhn.redhat.com/errata/RHSA-2004-005.html

Note You need to log in before you can comment on or make changes to this bug.