CVS: cvs.openbsd.org: ports
From: Brad Smith <brad(at)cvs.openbsd.org>
Date: Fri Nov 29 2002 - 09:18:16 EST

CVSROOT: /cvs
Module name: ports
Changes by: brad@cvs.openbsd.org 2002/11/29 07:18:16

Modified files:
    x11/kde/network3: Makefile
Added files:
    x11/kde/network3/patches: patch-lanbrowsing_kio_lan_kio_lan_cpp
                              patch-lanbrowsing_lisa_lisadefines_h
                              patch-lanbrowsing_lisa_netmanager_cpp
                              patch-lanbrowsing_lisa_netscanner_cpp

Log message:
The resLISa daemon contains a buffer overflow vulnerability which potentially enables any local user to obtain access to a raw socket if 'reslisa' is installed SUID root. This vulnerability was discovered by the iDEFENSE security team and Texonet.

The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "lan://" URL in an HTML page or via another KDE application. These vulnerabilities were discovered by Olaf Kirch at SuSE Linux AG.

http://www.kde.org/info/security/advisory-20021111-2.txt

Received on Fri Nov 29 09:18:47 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:45:56 EDT