Vulnerability Bulletins |
Desbordamiento de búfer en zona de heap en interprete Javascript kjs |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | kjs Javascript interpreter / kdelibs |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en zona de heap en el interprete de JavaScript Kjs, que se usa en el navegador Konqueror y en otras partes de KDE. La vulnerabilidad reside en que no se realizan suficientes comprobaciones de límites al procesar URIs (Uniform Resource Identifiers) codificadas en UTF-8. Un atacante remoto podría ejecutar código arbitrario mediante una URI especialmente diseñada. |
|
Solution |
|
|
Actualización de software Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.dsc http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.diff.gz http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.4_all.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.4_all.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4_all.deb Alpha http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_alpha.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_alpha.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_alpha.deb AMD64 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_amd64.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_amd64.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_amd64.deb ARM http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_arm.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_arm.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_i386.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_i386.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_ia64.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_ia64.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_ia64.deb HP Precision http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_hppa.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_hppa.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_m68k.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_m68k.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mips.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mips.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mipsel.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mipsel.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_powerpc.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_powerpc.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_s390.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_s390.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_sparc.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_sparc.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_sparc.deb Red Hat Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Mandriva Linux Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libkdecore4-devel-3.2-36.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.15.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm Mandrivalinux 2006 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64kdecore4-3.4.2-31.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64kdecore4-devel-3.4.2-31.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm SUSE Linux SUSE LINUX 10.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdelibs3-3.4.2-24.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdelibs3-devel-3.4.2-24.2.i586.rpm Power PC ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdelibs3-3.4.2-24.2.ppc.rpm ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdelibs3-devel-3.4.2-24.2.ppc.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-3.4.2-24.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-32bit-3.4.2-24.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-devel-3.4.2-24.2.x86_64.rpm Sources ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kdelibs3-3.4.2-24.2.src.rpm SUSE LINUX 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-3.4.0-20.10.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-devel-3.4.0-20.10.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-3.4.0-20.10.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-32bit-9.3-7.4.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-devel-3.4.0-20.10.x86_64.rpm Sources ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kdelibs3-3.4.0-20.10.src.rpm SUSE LINUX 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-3.3.0-34.11.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-devel-3.3.0-34.11.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-3.3.0-34.11.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-32bit-9.2-200601131140.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-devel-3.3.0-34.11.x86_64.rpm Sources ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kdelibs3-3.3.0-34.11.src.rpm SUSE LINUX 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44.65.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-devel-3.2.1-44.65.i586.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/kdelibs3-32bit-9.1-200601130425.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-3.2.1-44.65.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-devel-3.2.1-44.65.x86_64.rpm Sources ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kdelibs3-3.2.1-44.65.src.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kdelibs3-3.2.1-44.65.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-0019 |
| BID | |
Other resources |
|
|
Debian Security Advisory (DSA 948-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00021.html Red Hat Security Advisory (RHSA-2006:0184-11) https://rhn.redhat.com/errata/RHSA-2006-0184.html Mandriva Security Advisory MDKSA-2006:019 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:019 SUSE Security Announcement SUSE-SA:2006:003 http://www.novell.com/linux/security/advisories/2006_03_kdelibs3.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-01-20 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2006:019). Aviso emitido por SUSE (SUSE-SA:2006:003). | 2006-01-24 |