Vulnerability CVE-2002-1306 - CERT Civis.Net

Vulnerability Name:

CVE-2002-1306 (CCN-10598)

Assigned:

2002-11-11

Published:

2002-11-11

Updated:

2016-10-18

Summary:

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2002-1306

Source: CCN
Type: LISa Web site
LISa - LAN Information Server

Source: BUGTRAQ
Type: UNKNOWN
20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20021114 GLSA: kdelibs

Source: CCN
Type: RHSA-2002-220
Updated KDE packages fix security issues

Source: CCN
Type: RHSA-2002-221
kdelibs security update

Source: CCN
Type: CIAC Information Bulletin N-020
Red Hat Multiple Vulnerabilities in KDE

Source: CIAC
Type: UNKNOWN
N-020

Source: DEBIAN
Type: UNKNOWN
DSA-214

Source: DEBIAN
Type: DSA-214
kdenetwork -- buffer overflows

Source: XF
Type: UNKNOWN
kde-kdenetwork-lisa-bo(10597)

Source: XF
Type: Vendor Advisory
kde-kdenetwork-lan-bo(10598)

Source: CCN
Type: KDE Web site
Getting KDE

Source: CCN
Type: KDE Security Advisory 2002-11-11
resLISa / LISa Vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20021111-2.txt

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:080

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:042

Source: REDHAT
Type: UNKNOWN
RHSA-2002:220

Source: XF
Type: UNKNOWN
kde-kdenetwork-lan-bo(10598)

Source: SUSE
Type: SUSE-SA:2002:042
kdenetwork: remote command execution

Vulnerable Configuration:

Configuration 1:

cpe:/o:kde:kde:2.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:2.1.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:2.1.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:2.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:2.2.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.0:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.0.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.0.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.0.3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_email_server:3.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:214	V	buffer overflows	2002-12-20