Bug 146290 - CAN-2005-0011 buffer overflow in fliccd
Product: Fedora
Classification: Fedora
Component: kdeedu
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Ngo Than
Keywords: Security
Reported: 2005-01-26 13:56 EST by Josh Bressers
Modified: 2007-11-30 17:10 EST (History)
Last Closed: 2005-02-17 09:20:37 EST
Description Josh Bressers 2005-01-26 13:56:40 EST
Erik Sjölund discovered that a buffer overflow in fliccd, which is installed
setuid root, can be exploited quite easily and will probably allow arbitrary code
to be executed.

We are waiting on a patch.
Comment 1 Josh Bressers 2005-01-26 13:57:17 EST
This issue should also affect FC2.
Comment 2 Bill Nottingham 2005-01-26 16:40:32 EST
The setuid bit should probably be turned off while we're there.
Comment 3 Ngo Than 2005-01-28 10:27:36 EST
Yes, it should be removed in the next rebuild.
Comment 4 Ngo Than 2005-02-01 08:11:39 EST
It only affects FC3, and it is now fixed in kdeedu-3.3.1-2.2.
Comment 5 Mark J. Cox 2005-02-10 10:31:30 EST
Dirk Mueller said: "The previous patch was bogus. I've updated the
bugs that were pointed out in it and diffed it against 3.3. Also, I
removed non-relevant chunks from the diff.

I've noticed that there is no fliccd in KDE 3.2.x and older. This
means that the local-root vulnerability is restricted to KDE 3.3.x.
I will do an updated advisory tomorrow morning.

Public disclosure delayed until February 15."
Comment 6 Ngo Than 2005-02-10 10:52:02 EST
Yes, I have got this change. The new kdeedu-3.3.1-2.3, which I
built 2 days ago in fc3-updates-candidate, has the correct fix ;-)
Comment 7 Mark J. Cox 2005-02-17 04:16:22 EST
Public, removing embargo.
Comment 8 Josh Bressers 2005-02-17 09:20:37 EST
Pushed as FEDORA-2005-148