KDE kvt Format String Vulnerability
BID:1700
Info
| Bugtraq ID: | 1700 |
| Class: | Input Validation Error |
| CVE: | CVE-2000-0918 CVE-2000-0373 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 19 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq by Carlos Eduardo Gorges <[email protected]> on September 19, 2000. |
| Vulnerable: | KDE kvt 1.1.2 |
| Not Vulnerable: | |
Discussion
kvt is a terminal emulator for the X Window System written with Qt. Like other such programs, it is usually installed setuid root so that it can allocate its own pseudo-terminal and write to utmp/wtmp. kvt contains a format-string vulnerability that may make it possible for local users to obtain super-user privileges. kvt copies the value of the user-controllable DISPLAY environment variable into a character buffer, which it later passes as the only argument to a *printf() function, i.e. as the format string rather than as data. Any conversion directives in that value (%x, %s, %n and so on) are then interpreted against whatever happens to be on the stack, which can leak memory contents or, with %n, write to memory. It is not known whether this can be used to exploit kvt or not.
This bug may affect rxvt as well, since kvt is derived from the rxvt source.
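The pattern the discussion describes, reduced to a small stand-alone C program. This is an added illustration, not kvt's source or the patch from the Bugtraq post: the function names (log_message, log_display_vulnerable, log_display_fixed, count_conversions, display_is_safe) and the use of vsnprintf as the *printf() call are assumptions chosen to show the bug next to its fix. The vulnerable form hands the DISPLAY value to the logging helper as the format string; the fixed form passes a constant "%s" format and the value as data, so "%n" in DISPLAY is printed, not executed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_SIZE 256

/* Stand-in for a *printf()-style helper (assumption: kvt's real function
 * is not reproduced here). Whatever arrives as fmt is interpreted. */
static void log_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape: DISPLAY is copied into a buffer (harmless by itself)
 * and the buffer is later used as the *only* argument of the printf-style
 * call, so it becomes the format string. Only call this with a value that
 * contains no '%' -- anything else is undefined behaviour. */
void log_display_vulnerable(const char *display, char *out, size_t outlen)
{
    char buf[LOG_SIZE];
    snprintf(buf, sizeof buf, "%s", display);   /* the copy step */
    log_message(out, outlen, buf);              /* the bug: buf is the format */
}

/* Hardened shape: the format is a constant; the DISPLAY value is data. */
void log_display_fixed(const char *display, char *out, size_t outlen)
{
    char buf[LOG_SIZE];
    snprintf(buf, sizeof buf, "%s", display);
    log_message(out, outlen, "%s", buf);        /* value can never be a format */
}

/* Count the conversion directives a string would introduce if it were
 * misused as a format. "%%" is a literal percent sign; a lone trailing
 * '%' is counted because a real *printf() would still try to parse it. */
int count_conversions(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {       /* escaped percent, skip both characters */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Defensive check a setuid program can apply before using an inherited
 * environment value anywhere near a format string. */
int display_is_safe(const char *display)
{
    return display != NULL && count_conversions(display) == 0;
}

int main(void)
{
    char out[LOG_SIZE];
    const char *display = getenv("DISPLAY");
    if (display == NULL)
        display = ":0";                          /* constructed default for the demo */

    if (!display_is_safe(display)) {
        fprintf(stderr, "DISPLAY contains %d format directive(s); refusing to log it raw\n",
                count_conversions(display));
    } else {
        log_display_vulnerable(display, out, sizeof out);
        printf("vulnerable path (benign input): %s\n", out);
    }
    log_display_fixed(display, out, sizeof out);
    printf("fixed path: %s\n", out);
    return 0;
}
```

The important line is the one-word difference between `log_message(out, outlen, buf)` and `log_message(out, outlen, "%s", buf)`: the copy into `buf` is not the defect, the use of that copy as a format is. Compiling with `-Wformat-security` flags the vulnerable call when the helper is declared with a format attribute, which is the cheapest way to find this class of bug in a setuid code base.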
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Carlos Eduardo Gorges <[email protected]> supplied a patch he wrote that fixes the problem in his post to Bugtraq. Since kvt is no longer supported and will be obsoleted when KDE 2.0 is released, users are advised to apply this patch rather than wait for an upstream release.
KDE kvt 1.1.2
Patch: kvt-diff.gz (Carlos Eduardo Gorges)
Use patch(1) to apply this diff file to the kvt source tree.
http://www.securityfocus.com/data/vulnerabilities/patches/kvt-diff.gz