- Advisory ID
- Affected versions
- 9.0 i586
The SuSE security team discovered two vulnerabilities in the KDE lanbrowsing service during an audit. The LISa network daemon and "reslisa", a restricted version of LISa, are used to identify servers on the local network by using the URL types "lan://" and "rlan://" respectively. A buffer overflow was discovered in the lisa daemon that can be exploited by an attacker on the local network to obtain root privileges on a machine running the lisa daemon. Another buffer overflow was found in the lan:// URL handler, which can be exploited by a remote attacker to gain access to the victim user's account. Only Mandrake Linux 9.0 comes with the LISa network daemon; all previous versions do not contain the network daemon and are therefore not vulnerable.
- 121fa63c366990d8c25e9f33dd321a8f 9.0/RPMS/kdenetwork-3.0.3-15.1mdk.i586.rpm
- c0740b63ff2590a1a8cfc5138acd6b14 9.0/RPMS/kdenetwork-devel-3.0.3-15.1mdk.i586.rpm
- 8e463ed13bd8618b96c4fd73a7bf3647 9.0/RPMS/lisa-3.0.3-15.1mdk.i586.rpm
- 4ae35278ffeb9c8956ebfeb229069e65 9.0/SRPMS/kdenetwork-3.0.3-15.1mdk.src.rpm