
List:       kde-devel
Subject:    FW: reported BugTraq vulnerability in kvt
From:       Duncan Haldane <f.d.m.haldane () mciworld ! com>
Date:       1999-10-09 17:20:38


-----FW: reported BugTraq vulnerability in kvt-----

Date: Sat, 09 Oct 1999 12:29:41 -0400 (EDT)
From: Duncan  Haldane <f.d.m.haldane@mciworld.com>
To: swain@core-sdi.com, cls@seawood.org, btellier@webley.com,
 pioppo@FERRARA.LINUX.IT, kde-devel@kde.org
Subject: reported BugTraq vulnerability in kvt
Bcc: Duncan  Haldane <f.d.m.haldane@mciworld.com>

message to bugtraq reporters
(copy to kde-devel@kde.org)


You guys reported on a buffer overflow in kvt on bugtraq,
which was picked up and publicized by Linux Weekly News this week.
(see Security Reports in http://www.lwn.net/1999/1007/security.phtml )


Your reports appear to concern kvt-0.18.7 which was released
with KDE-1.1.1 rather than kvt-1.1.1.1 which is in the recent
kde-1.1.2 release.

Can you help me confirm that this vulnerability is gone in the latest
(KDE-1.1.2) release of kvt?


(LWN incorrectly stated that kvt is missing from KDE-1.1.2;
this is not correct - though possibly the "Official-RedHat-6.x"
packages don't include it.  It is certainly included in the rpms
for RedHat 5.x that I maintain at ftp.kde.org, and is part of the KDE-1.1.2
distribution.  It will be dropped in KDE-2.x.)

kvt has a number of security fixes since the KDE-1.1.1 release
that are in the latest version.

I tested kvt-1.1.1.1 with the following entry in my .bashrc:



# .bashrc
<snip>
alias xtitle='echo -n "\033]2; `cat ~/textfile `)"'
xtitle


(here \033 represents the escape character).

Here ~/textfile is a 60K ascii text file.
kvt did not crash: the (beginning) of the contents of textfile are displayed in
the titlebar, and the (rest of the ?) file is cat'ted to the new kvt window.

Can you confirm that this behavior means that kvt-1.1.1.1 in KDE-1.1.2 does NOT
have the reported vulnerability any more? (Or was the 60K title too short to crash it?)

It would be useful if one of the vulnerability-reporters
could send me a short shell script to test for it on kvt-1.1.1.1,
if my test is not conclusive in showing its absence.

kvt-1.1.1.1 is in the kdebase-1.1.2-1rh5x.i386.rpm package at ftp.kde.org.
For the convenience of any testers, I have uploaded this binary to
ftp://ftp.kde.org/pub/kde/Incoming/kvt-1.1.1.1-for-testing  (about 100K)
(It should appear there "shortly")
This is compiled on RedHat 5.2, but also runs on RedHat 6.0.


TIA
duncan@kde.org



----------------------------------
E-Mail: Duncan  Haldane <f.d.m.haldane@mciworld.com>
Date: 09-Oct-99
Time: 12:29:41

This message was sent by XFMail
----------------------------------

--------------End of forwarded message-------------------------

----------------------------------
E-Mail: Duncan  Haldane <f.d.m.haldane@mciworld.com>
Date: 09-Oct-99
Time: 13:20:23

This message was sent by XFMail
----------------------------------
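
An added example, not part of the original message and not KDE or kvt code: a Python filter that audits xterm-style window-title sequences (ESC ] 2 ; text BEL) in a byte stream and clamps them before they reach a terminal. The function names, the 256-byte cap and the sample input are assumptions; the constructed sample mirrors the shape of the test string in the message (about 60K of text after `ESC ]2;`, ending in `)` with no BEL).

```python
import re

ESC, BEL = b"\x1b", b"\x07"
MAX_TITLE = 256  # assumed cap, not a value taken from kvt or any terminal

# OSC 0/1/2 set the icon name and/or window title. The text ends at BEL or
# ST (ESC \). An opener with no terminator is matched up to end of input,
# mirroring a parser that keeps collecting title bytes until it sees one.
_OSC_TITLE = re.compile(rb"\x1b\]([012]);(.*?)(\x07|\x1b\\|\Z)", re.DOTALL)


def audit_titles(stream: bytes):
    """Return (osc_code, title_length, terminated) for each title sequence."""
    return [(int(m.group(1)), len(m.group(2)), bool(m.group(3)))
            for m in _OSC_TITLE.finditer(stream)]


def clamp_titles(stream: bytes, limit: int = MAX_TITLE) -> bytes:
    """Rewrite each title: drop control bytes, cap the length, end with BEL."""
    def fix(m):
        # Keep printable ASCII and high (UTF-8) bytes; drop C0 controls and DEL.
        text = bytes(b for b in m.group(2) if b >= 0x20 and b != 0x7F)[:limit]
        return ESC + b"]" + m.group(1) + b";" + text + BEL
    return _OSC_TITLE.sub(fix, stream)


# Constructed sample: same shape as the .bashrc test in the message.
SAMPLE = ESC + b"]2; " + b"A" * 60000 + b")"

if __name__ == "__main__":
    for code, length, terminated in audit_titles(SAMPLE):
        print(f"OSC {code}: {length} title bytes, terminated={terminated}")
    print(len(clamp_titles(SAMPLE)), "bytes after clamping")
```

Because an unterminated opener is treated as running to the end of the input, `clamp_titles` discards everything after the cap in that case rather than passing the remainder through as ordinary output.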
