Vulnerability Name:

CVE-2005-0011 (CCN-19347)

Assigned:2005-02-16
Published:2005-02-16
Updated:2008-09-05
Summary:Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: KDE FTP Security patch Web page
KDE FTP security_patches

Source: MITRE
Type: CNA
CVE-2005-0011

Source: CCN
Type: SA14306
KDE fliccd Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch
14306

Source: CCN
Type: GLSA-200502-23
KStars: Buffer overflow in fliccd

Source: GENTOO
Type: Vendor Advisory
GLSA-200502-23

Source: CCN
Type: KDE Security Advisory 20050215-1
Buffer overflow in fliccd of kdeedu/kstars/indi

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20050215-1.txt

Source: CCN
Type: OSVDB ID: 13851
INDI fliccd Multiple Local Overflows

Source: FEDORA
Type: Vendor Advisory
FEDORA-2005-148

Source: CCN
Type: BID-12570
KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
kde-fliccd-bo(19347)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:kde:kde:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    kde kde 3.3
    kde kde 3.3.1
    kde kde 3.3.2