KDE KJS Encodeuri/Decodeuri远程堆溢出漏洞
| CNNVD-ID编号 | CNNVD-200601-260 | CVE编号 | CVE-2006-0019 |
| 发布时间 | 2006-01-20 | 更新时间 | 2006-01-30 |
| 漏洞类型 | 缓冲区溢出 | 漏洞来源 | Dirk Mueller [email protected] |
| 危险等级 | 高危 | 威胁类型 | 远程 |
| 厂商 | kde | ||
漏洞介绍
KDE是一个为UNIX工作站设计的强大的开源图形桌面环境。
Konqueror和其他KDE组件所使用的JavaScript解释器引擎KJS中存在堆溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。如果解码了攻击精心构造的UTF-8编码的URI序列的话,就会触发这个漏洞,导致Web浏览器崩溃或执行任意指令。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
KDE KDE 3.2
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE KDE 3.2.1
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE KDE 3.2.2
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE KDE 3.2.3
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
Slackware kdelibs-3.2.3-i486-3.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ kdelibs-3.2.3-i486-3.tgz
KDE KDE 3.3
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE KDE 3.3.1
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE KDE 3.3.2
Slackware kdelibs-3.3.2-i486-3.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ kdelibs-3.3.2-i486-3.tgz
Slackware kdelibs-3.4.2-i486-2.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ kdelibs-3.4.2-i486-2.tgz
KDE KDE 3.3.2
KDE post-3.2.3-kdelibs-kjs.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kjs.diff
KDE kdelibs 3.4
SuSE kdelibs3-3.4.0-20.10.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-3.4.0-20 .10.i586.rpm
SuSE kdelibs3-3.4.0-20.10.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-3.4.0- 20.10.x86_64.rpm
SuSE kdelibs3-32bit-9.3-7.4.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-32bit- 9.3-7.4.x86_64.rpm
SuSE kdelibs3-devel-3.4.0-20.10.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-devel-3. 4.0-20.10.i586.rpm
SuSE kdelibs3-devel-3.4.0-20.10.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-devel- 3.4.0-20.10.x86_64.rpm
Ubuntu kdelibs-bin_3.4.0-0ubuntu3.5_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4. 0-0ubuntu3.5_amd64.deb
Ubuntu kdelibs-bin_3.4.0-0ubuntu3.5_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4. 0-0ubuntu3.5_i386.deb
Ubuntu kdelibs-bin_3.4.0-0ubuntu3.5_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4. 0-0ubuntu3.5_powerpc.deb
Ubuntu kdelibs-data_3.4.0-0ubuntu3.5_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4 .0-0ubuntu3.5_all.deb
Ubuntu kdelibs-data_3.4.3-0ubuntu2_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4 .3-0ubuntu2_all.deb
Ubuntu kdelibs_3.4.0-0ubuntu3.5_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0u buntu3.5_all.deb
Ubuntu kdelibs4-dev_3.4.0-0ubuntu3.5_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4 .0-0ubuntu3.5_amd64.deb
Ubuntu kdelibs4-dev_3.4.0-0ubuntu3.5_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4 .0-0ubuntu3.5_i386.deb
Ubuntu kdelibs4-dev_3.4.0-0ubuntu3.5_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4 .0-0ubuntu3.5_powerpc.deb
Ubuntu kdelibs4-doc_3.4.0-0ubuntu3.5_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4 .0-0ubuntu3.5_all.deb
Ubuntu kdelibs4_3.4.0-0ubuntu3.5_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0 ubuntu3.5_amd64.deb
Ubuntu kdelibs4_3.4.0-0ubuntu3.5_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0 ubuntu3.5_i386.deb
Ubuntu kdelibs4_3.4.0-0ubuntu3.5_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0 u
参考网址
来源: BUGTRAQ
名称: 20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
链接:http://www.securityfocus.com/archive/1/archive/1/422464/100/0/threaded
来源: www.kde.org
链接:http://www.kde.org/info/security/advisory-20060119-1.txt
来源: VUPEN
名称: ADV-2006-0265
链接:http://www.frsirt.com/english/advisories/2006/0265
来源: SECUNIA
名称: 18500
链接:http://secunia.com/advisories/18500
来源: ftp.kde.org
链接:链接:ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
来源: UBUNTU
名称: USN-245-1
链接:http://www.ubuntu.com/usn/usn-245-1
来源: SUSE
名称: SUSE-SA:2006:003
链接:http://www.securityfocus.com/archive/1/archive/1/422489/100/0/threaded
来源: REDHAT
名称: RHSA-2006:0184
链接:http://www.redhat.com/support/errata/RHSA-2006-0184.html
来源: GENTOO
名称: GLSA-200601-11
链接:http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml
来源: DEBIAN
名称: DSA-948
链接:http://www.debian.org/security/2006/dsa-948
来源: SECUNIA
名称: 18570
链接:http://secunia.com/advisories/18570
来源: SECUNIA
名称: 18561
链接:http://secunia.com/advisories/18561
来源: SECUNIA
名称: 18559
链接:http://secunia.com/advisories/18559
来源: SECUNIA
名称: 18552
链接:http://secunia.com/advisories/18552
来源: SECUNIA
名称: 18540
链接:http://secunia.com/advisories/18540
来源: MANDRIVA
名称: MDKSA-2006:019
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:019
来源: XF
名称: kde-kjs-bo(24242)
链接:http://xforce.iss.net/xforce/xfdb/24242
来源: BID
名称: 16325
链接:http://www.securityfocus.com/bid/16325
来源: FEDORA
名称: FLSA:178606
链接:http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
来源: OSVDB
名称: 22659
来源: MANDRIVA
名称: MDKSA-2006:019
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:019
来源: SLACKWARE
名称: SSA:2006-045-05
链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107
来源: SECTRACK
名称: 1015512
链接:http://securitytracker.com/id?1015512
来源: SREASON
名称: 364
链接:http://securityreason.com/securityalert/364
来源: SECUNIA
名称: 18899
链接:http://secunia.com/advisories/18899
受影响实体
Kde Kde:3.5.0 Kde Kde:3.4.2 Kde Kde:3.3.2 Kde Kde:3.3.X Kde Kde:3.4信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-260
评论