Package name
kdenetwork
Date
2002-11-21
Advisory ID
MDKSA-2002:080
Affected versions
9.0 i586

Problem description

The SuSE security team discovered two vulnerabilities in the KDE lanbrowsing service during an audit. The LISa network daemon and "reslisa", a restricted version of LISa, are used to identify servers on the local network by using the URL types "lan://" and "rlan://" respectively. A buffer overflow was discovered in the LISa daemon that can be exploited by an attacker on the local network to obtain root privileges on a machine running the daemon. Another buffer overflow was found in the lan:// URL handler, which can be exploited by a remote attacker to gain access to the victim user's account. Only Mandrake Linux 9.0 comes with the LISa network daemon; all previous versions do not contain it and are therefore not vulnerable.

Updated packages

9.0 i586

121fa63c366990d8c25e9f33dd321a8f  9.0/RPMS/kdenetwork-3.0.3-15.1mdk.i586.rpm
c0740b63ff2590a1a8cfc5138acd6b14  9.0/RPMS/kdenetwork-devel-3.0.3-15.1mdk.i586.rpm
8e463ed13bd8618b96c4fd73a7bf3647  9.0/RPMS/lisa-3.0.3-15.1mdk.i586.rpm
4ae35278ffeb9c8956ebfeb229069e65  9.0/SRPMS/kdenetwork-3.0.3-15.1mdk.src.rpm

References