CVE-2005-3863 - OpenCVE

Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ktools	Ktools

Configuration 1 [-]

cpe:2.3:a:ktools:ktools:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/17768	Vendor Advisory
http://secunia.com/advisories/18081	Patch Vendor Advisory
http://secunia.com/advisories/20329	Vendor Advisory
http://secunia.com/advisories/20368	Patch Vendor Advisory
http://secunia.com/advisories/20446	Patch Vendor Advisory
http://secunia.com/advisories/21684	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200512-11.xml
http://security.gentoo.org/glsa/glsa-200608-27.xml
http://www.debian.org/security/2006/dsa-1083	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1088	Patch Vendor Advisory
http://www.osvdb.org/21161
http://www.securityfocus.com/archive/1/417906/100/0/threaded
http://www.securityfocus.com/bid/15600
http://www.vupen.com/english/advisories/2005/2605	Vendor Advisory
http://www.vupen.com/english/advisories/2006/2062	Vendor Advisory
http://www.zone-h.org/en/advisories/read/id=8480/	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23233

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-29T11:00:00

Updated: 2018-10-19T14:57:01

Reserved: 2005-11-29T00:00:00

Link: CVE-2005-3863

JSON object: View

NVD Information

Status : Modified

Published: 2005-11-29T11:03:00.000

Modified: 2018-10-19T15:39:26.123

Link: CVE-2005-3863

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21684", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21684"}, {"name": "17768", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17768"}, {"name": "ADV-2006-2062", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2062"}, {"name": "20368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20368"}, {"name": "GLSA-200608-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-27.xml"}, {"name": "GLSA-200512-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200512-11.xml"}, {"name": "DSA-1088", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1088"}, {"name": "15600", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15600"}, {"name": "20446", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20446"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zone-h.org/en/advisories/read/id=8480/"}, {"name": "20329", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20329"}, {"name": "ktools-kkstrtext-bo(23233)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23233"}, {"name": "DSA-1083", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1083"}, {"name": "ADV-2005-2605", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2605"}, {"name": "20051127 ZRCSA-200503 - ktools Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/417906/100/0/threaded"}, {"name": "21161", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21161"}, {"name": "18081", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18081"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3863", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21684", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21684"}, {"name": "17768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17768"}, {"name": "ADV-2006-2062", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2062"}, {"name": "20368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20368"}, {"name": "GLSA-200608-27", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-27.xml"}, {"name": "GLSA-200512-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200512-11.xml"}, {"name": "DSA-1088", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1088"}, {"name": "15600", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15600"}, {"name": "20446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20446"}, {"name": "http://www.zone-h.org/en/advisories/read/id=8480/", "refsource": "MISC", "url": "http://www.zone-h.org/en/advisories/read/id=8480/"}, {"name": "20329", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20329"}, {"name": "ktools-kkstrtext-bo(23233)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23233"}, {"name": "DSA-1083", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1083"}, {"name": "ADV-2005-2605", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2605"}, {"name": "20051127 ZRCSA-200503 - ktools Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/417906/100/0/threaded"}, {"name": "21161", "refsource": "OSVDB", "url": "http://www.osvdb.org/21161"}, {"name": "18081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18081"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3863", "datePublished": "2005-11-29T11:00:00", "dateReserved": "2005-11-29T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ktools:ktools:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CC84E5D-A721-4186-8717-206A5A4963DF", "versionEndIncluding": "0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro."}], "id": "CVE-2005-3863", "lastModified": "2018-10-19T15:39:26.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-29T11:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17768"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18081"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20329"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20368"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20446"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21684"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200512-11.xml"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-27.xml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2006/dsa-1083"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2006/dsa-1088"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21161"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/417906/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15600"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2605"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2062"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.zone-h.org/en/advisories/read/id=8480/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23233"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}