CVE-2002-1306

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=103712329102632&w=2
http://marc.info/?l=bugtraq&m=103728981029342&w=2
http://www.ciac.org/ciac/bulletins/n-020.shtml
http://www.debian.org/security/2002/dsa-214
http://www.iss.net/security_center/static/10597.php
http://www.iss.net/security_center/static/10598.php	Vendor Advisory
http://www.kde.org/info/security/advisory-20021111-2.txt	Patch Vendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html
http://www.redhat.com/support/errata/RHSA-2002-220.html
http://marc.info/?l=bugtraq&m=103712329102632&w=2
http://marc.info/?l=bugtraq&m=103728981029342&w=2
http://www.ciac.org/ciac/bulletins/n-020.shtml
http://www.debian.org/security/2002/dsa-214
http://www.iss.net/security_center/static/10597.php
http://www.iss.net/security_center/static/10598.php	Vendor Advisory
http://www.kde.org/info/security/advisory-20021111-2.txt	Patch Vendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html
http://www.redhat.com/support/errata/RHSA-2002-220.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:kde:kde:2.1:::::::*
	cpe:2.3:o:kde:kde:2.1.1:::::::*
	cpe:2.3:o:kde:kde:2.1.2:::::::*
	cpe:2.3:o:kde:kde:2.2:::::::*
	cpe:2.3:o:kde:kde:2.2.1:::::::*
	cpe:2.3:o:kde:kde:2.2.2:::::::*
	cpe:2.3:o:kde:kde:3.0:::::::*
	cpe:2.3:o:kde:kde:3.0.1:::::::*
	cpe:2.3:o:kde:kde:3.0.2:::::::*
	cpe:2.3:o:kde:kde:3.0.3:::::::*

History

20 Nov 2024, 23:41

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=103712329102632&w=2 -~~	() http://marc.info/?l=bugtraq&m=103712329102632&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=103728981029342&w=2 -~~	() http://marc.info/?l=bugtraq&m=103728981029342&w=2 -
References	~~() http://www.ciac.org/ciac/bulletins/n-020.shtml -~~	() http://www.ciac.org/ciac/bulletins/n-020.shtml -
References	~~() http://www.debian.org/security/2002/dsa-214 -~~	() http://www.debian.org/security/2002/dsa-214 -
References	~~() http://www.iss.net/security_center/static/10597.php -~~	() http://www.iss.net/security_center/static/10597.php -
References	~~() http://www.iss.net/security_center/static/10598.php - Vendor Advisory~~	() http://www.iss.net/security_center/static/10598.php - Vendor Advisory
References	~~() http://www.kde.org/info/security/advisory-20021111-2.txt - Patch, Vendor Advisory~~	() http://www.kde.org/info/security/advisory-20021111-2.txt - Patch, Vendor Advisory
References	~~() http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php -~~	() http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php -
References	~~() http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html -~~	() http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2002-220.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-220.html -

Information

Published : 2002-11-29 05:00

Updated : 2024-11-20 23:41

NVD link : CVE-2002-1306

Mitre link : CVE-2002-1306

CVE.ORG link : CVE-2002-1306

JSON object : View

Products Affected

kde

CWE

NVD-CWE-Other

7.5 /10