CVE-2005-1046
CVSS 7.5
Published: 2005-05-02 00:00:00
Last modified: 2011-03-07 21:21:00

[Original] Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.


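[CNNVD] KDE PCX Image File Handling Buffer Overflow Vulnerability (CNNVD-200505-195)

        KDE is a powerful open-source graphical desktop environment designed for UNIX workstations.
        KDE contains a buffer overflow vulnerability when handling PCX image files, caused by the kimgio image library failing to properly validate PCX image data.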

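- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]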

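- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:5802 PCX Plugin of Gimp Vulnerability
oval:org.mitre.oval:def:11081 Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
*OVAL describes in detail how to detect this vulnerability; further technical detail on detection is available in the related OVAL definitions.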

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1046
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1046
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-195
(Official data source) CNNVD

- Other Links and Resources

http://www.novell.com/linux/security/advisories/2005_22_kdelibs3.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:022
http://www.debian.org/security/2005/dsa-714
(VENDOR_ADVISORY)  DEBIAN  DSA-714
http://secunia.com/advisories/14908
(VENDOR_ADVISORY)  SECUNIA  14908
http://www.vupen.com/english/advisories/2007/4241
(UNKNOWN)  VUPEN  ADV-2007-4241
http://www.vupen.com/english/advisories/2005/0331
(UNKNOWN)  VUPEN  ADV-2005-0331
http://bugs.kde.org/show_bug.cgi?id=102328
(VENDOR_ADVISORY)  MISC  http://bugs.kde.org/show_bug.cgi?id=102328
http://www.securityfocus.com/bid/13096
(UNKNOWN)  BID  13096
http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:178606
http://www.redhat.com/support/errata/RHSA-2005-393.html
(UNKNOWN)  REDHAT  RHSA-2005:393
http://www.kde.org/info/security/advisory-20050421-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20050421-1.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
(UNKNOWN)  SUNALERT  201320
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
(UNKNOWN)  SUNALERT  103170
http://secunia.com/advisories/28114
(UNKNOWN)  SECUNIA  28114

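- Vulnerability Information

KDE PCX Image File Handling Buffer Overflow Vulnerability
High risk  Buffer overflow
2005-05-02 00:00:00 2009-03-04 00:00:00
Remote
        KDE is a powerful open-source graphical desktop environment designed for UNIX workstations.
        KDE contains a buffer overflow vulnerability when handling PCX image files, caused by the kimgio image library failing to properly validate PCX image data.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://bugs.kde.org/attachment.cgi?id=10326&action=view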

- Vulnerability Information (F38408)

Ubuntu Security Notice 114-1 (PacketStormID:F38408)
2005-07-02 00:00:00
Ubuntu  ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-1046

Ubuntu Security Notice USN-114-1 - Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio. If an attacker tricked a user into loading a malicious PCX image with a KDE application, he could exploit this to execute arbitrary code with the privileges of the user opening the image.

===========================================================
Ubuntu Security Notice USN-114-1	       May 03, 2005
kdelibs vulnerability
CAN-2005-1046
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdelibs

The problem can be corrected by upgrading the affected package to
version 3.4.0-0ubuntu3.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio.
If an attacker tricked a user into loading a malicious PCX image with
a KDE application, he could exploit this to execute arbitrary code
with the privileges of the user opening the image.


- Vulnerability Information (F37819)

KDE Security Advisory 2005-04-21.1 (PacketStormID:F37819)
2005-06-01 00:00:00
KDE Desktop  kde.org
advisory,arbitrary,vulnerability
CVE-2005-1046

KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

KDE Security Advisory: kimgio input validation errors
Original Release Date: 2005-04-21
URL: http://www.kde.org/info/security/advisory-20050421-1.txt

0. References

        http://bugs.kde.org/102328
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046


1. Systems affected:

        kdelibs as shipped with KDE 3.2 up to including KDE 3.4.


2. Overview:

        kimgio contains a PCX image file format reader that does
        not properly perform input validation. A source code audit
        performed by the KDE security team discovered several
        vulnerabilities in the PCX and other image file format
        readers, some of them exploitable to execute arbitrary
        code.


3. Impact:

        Remotely supplied, specially crafted image files can be used
        to execute arbitrary code.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        A patch for KDE 3.4.0 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        78473d4dad612e6617eb6652eec2ab80  post-3.4.0-kdelibs-kimgio.diff

        A patch for KDE 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        8366d0e5c8101c315a0bdafac54536d6  post-3.3.2-kdelibs-kimgio.diff


6. Time line and credits:

        24/03/2005 Notification of KDE by Bruno Rohee
        21/04/2005 Coordinated Public Disclosure


    

- Vulnerability Information

15478
KDE kdelibs kimgio Component PCX Image Processing Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-03-24 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

KDE PCX Image File Handling Buffer Overflow Vulnerability
Boundary Condition Error 13096
Yes No
2005-04-11 12:00:00 2008-10-09 04:48:00
Bruno Rohee reported this issue to the vendor.

- Affected Versions

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Sun Solaris 9_x86
Sun Solaris 10_x86
Sun Solaris 10.0
Sun Solaris 10
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Novell Linux Desktop 9
Nortel Networks Self-Service Peri Workstation 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Peri Workstation 0
Nortel Networks Peri Application 0
Nortel Networks Media Processing Svr 1000 Rel 3.0
Nortel Networks Media Processing Server
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
KDE KDE 3.4
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
KDE KDE 3.3.2
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
KDE KDE 3.1.5
KDE KDE 3.1.4
KDE KDE 3.1.3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 8.2
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
KDE KDE 2.2.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
KDE KDE 2.2
KDE KDE 2.1.2
+ Conectiva Linux 7.0
KDE KDE 2.1.1
KDE KDE 2.1
KDE KDE 2.0.1
+ Conectiva Linux 6.0
KDE KDE 2.0 BETA
KDE KDE 2.0
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0

- Discussion

KDE is reported prone to a buffer-overflow vulnerability when handling PCX image files because the 'kimgio' image library fails to properly validate PCX image data.

This vulnerability was reported to reside in PCX image-handling routines, but the vendor has patched other image handlers, which may mean that other image formats may also be affected by similar problems.

Attackers may exploit this vulnerability to crash applications using the affected library or possibly to execute arbitrary machine code in the context of the affected application.

- Exploit

Examples of PCX images that may crash KDE applications using the affected library are included in the KDE bug-tracking database:

http://bugs.kde.org/attachment.cgi?id=10321&action=view
http://bugs.kde.org/attachment.cgi?id=10324&action=view

- Solution

Please see the references for more information.


Mandriva Linux Mandrake 10.1

Mandriva Linux Mandrake 10.1 x86_64

Mandriva Linux Mandrake 10.2

Mandriva Linux Mandrake 10.2 x86_64

KDE KDE 2.2.2

MandrakeSoft Corporate Server 3.0

Debian Linux 3.0 alpha

KDE KDE 3.2.1

KDE KDE 3.3

KDE KDE 3.3.2

KDE KDE 3.3.2

KDE KDE 3.4

- Related References
