LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kdenetwork: buffer overflow

Package(s):kdenetwork CVE #(s):CAN-2002-1247
Created:November 11, 2002 Updated:December 20, 2002
Description: iDEFENSE reports a security vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood", which was discovered by Texonet. It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa. The vulnerability exists in the parsing of the LOGNAME environment variable, an overly long value will overwrite the instruction pointer thereby allowing an attacker to seize control of the executable.
Alerts:
Debian DSA-214-1 2002-12-20
Mandrake MDKSA-2002:080 2002-11-21
SuSE SuSE-SA:2002:042 2002-11-12
Debian DSA-193-1 2002-11-11
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds