Slashdot Mirror


KDE Heap Overflow Vulnerability Found

sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap-based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious JavaScript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."

2 of 233 comments

  1. Ubuntu patched already by Richard W.M. Jones · Score: 5, Informative
    The patch for this was waiting on my Ubuntu desktop for installation when I got up this morning ...

    Rich.

  2. Did you look at the ECMA standard? by Grendel Drago · Score: 5, Informative

    Check section 15.1.3 of the ECMA standard, which the source refers to. The algorithm is explained there, and the variable names are taken from the standard for readability.

    Sheesh, do a little homework first.

    --
    Laws do not persuade just because they threaten. --Seneca
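
For readers who want to see where the bounds checks sit in this kind of decoder, here is an added example (not kjs code, not the KDE patch, and not a reconstruction of the flaw) of percent-decoding UTF-8 into UTF-16 units in the style of the ECMA-262 section 15.1.3 algorithm with an empty reserved set. The names `hexval`, `pct_byte` and `uri_decode`, and the assumption that the input is a byte string, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: value of one hex digit, or -1. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* Read "%XX" at s[k]; returns the byte, or -1 if truncated or malformed. */
static int pct_byte(const char *s, size_t len, size_t k) {
    if (k >= len || len - k < 3 || s[k] != '%') return -1;
    int hi = hexval(s[k + 1]), lo = hexval(s[k + 2]);
    return (hi < 0 || lo < 0) ? -1 : (hi << 4) | lo;
}

/* Added illustration: decode s[0..len) into UTF-16 units in out[0..cap).
 * Returns units written, or -1 (URIError-style failure or out too small). */
long uri_decode(const char *s, size_t len, uint16_t *out, size_t cap) {
    size_t k = 0, w = 0;
    while (k < len) {
        uint32_t v = (unsigned char)s[k];
        if (s[k] != '%') { k++; } else {
            int b = pct_byte(s, len, k);
            if (b < 0) return -1;
            k += 3;
            int n = 0;                        /* count leading 1 bits */
            while (n < 5 && (b & (0x80 >> n))) n++;
            if (n == 1 || n > 4) return -1;   /* stray continuation / too long */
            v = n ? (uint32_t)(b & (0x7F >> n)) : (uint32_t)b;
            for (int i = 1; i < n; i++, k += 3) {
                int c = pct_byte(s, len, k);  /* bounds-checked input read */
                if (c < 0 || (c & 0xC0) != 0x80) return -1;
                v = (v << 6) | (uint32_t)(c & 0x3F);
            }
            static const uint32_t min[5] = {0, 0, 0x80, 0x800, 0x10000};
            if (n && (v < min[n] || v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF)))
                return -1;                    /* overlong, out of range, surrogate */
        }
        size_t need = v >= 0x10000 ? 2 : 1;   /* surrogate pair takes two slots */
        if (cap - w < need) return -1;        /* output bounds check before write */
        if (need == 2) {
            v -= 0x10000;
            out[w++] = (uint16_t)(0xD800 | (v >> 10));
            out[w++] = (uint16_t)(0xDC00 | (v & 0x3FF));
        } else out[w++] = (uint16_t)v;
    }
    return (long)w;
}
```

The two places a decoder like this can go wrong are the continuation-byte reads past the end of the input and the two-slot write for code points above U+FFFF; both are checked before the access rather than after.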