Slashdot Mirror


KDE Heap Overflow Vulnerability Found

sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap-based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious JavaScript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."

6 of 233 comments

  1. Right, that's it! by trash eighty · Score: 5, Funny

    I'm going back to Windows!!!

  2. Re:KJS is also used by Apple in Safari by Anonymous Coward · Score: 5, Insightful

    The obvious question is - does the same bug exist in the KJS-derived Safari JavaScript?

  3. Malicious hackers around the world... by Anonymous Coward · Score: 5, Interesting

    ...yawn and pay no heed. Have any vulnerabilities for Konqueror ever actually resulted in exploits in the wild?

  4. Re:This is why I use Windows by Anonymous Coward · Score: 5, Insightful

    The complaint about MS is the running of said things in or at the kernel.

    The only people who make that complaint are people who don't have a clue what they are talking about. Internet Explorer doesn't run "in or at" the kernel. It runs with the user's privileges, just like any other application.

    The problem with "Internet Explorer" is that its rendering engine, Trident, is embedded by a great many applications, so any vulnerability in Trident is also a vulnerability in those applications. The same is true of KDE/KHTML/KJS. If a vulnerability is found in, say, KHTML, it also means KMail and Amarok are vulnerable.

    Unfortunately, this is the downside to modern component-based strategies - it's not a Microsoft-specific problem. However, the benefits of these strategies vastly outweigh the downsides.

  5. Ubuntu patched already by Richard W.M. Jones · Score: 5, Informative

    The patch for this was waiting on my Ubuntu desktop for installation when I got up this morning ...

    Rich.

  6. Did you look at the ECMA standard? by Grendel Drago · Score: 5, Informative

    Check section 15.1.3 of the ECMA standard, which the source refers to. The algorithm is explained there, and the variable names are taken from the standard for readability.

    Sheesh, do a little homework first.

    --
    Laws do not persuade just because they threaten. --Seneca
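As an added example (not kjs code and not the KDE patch), here is the Decode algorithm of ECMA-262 section 15.1.3, the section comment 6 points to, written in C so that the length of the whole multi-octet sequence is checked before any continuation octet is read. It outputs code points only; the reserved-set passthrough and the UTF-16 surrogate-pair assembly of the full algorithm are left out, and names such as decode_uri_escapes are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Read "%XX" starting at s[k]; len is the total length. Returns the octet or -1. */
static int read_octet(const char *s, size_t len, size_t k) {
    int hi, lo;
    if (k + 2 >= len || s[k] != '%') return -1;       /* s[k..k+2] must exist */
    hi = hexval(s[k + 1]); lo = hexval(s[k + 2]);
    return (hi < 0 || lo < 0) ? -1 : (hi << 4) | lo;
}

/* Decode percent-escaped UTF-8 into code points. Returns the count written to
 * out, or -1 on malformed input (truncated, overlong, surrogate, bad lead octet). */
long decode_uri_escapes(const char *s, size_t len, uint32_t *out, size_t out_cap) {
    static const uint32_t min_val[5] = {0, 0, 0x80, 0x800, 0x10000};
    size_t k = 0, n_out = 0;
    while (k < len) {
        uint32_t v; int b, n, j;
        if (n_out >= out_cap) return -1;
        if (s[k] != '%') { out[n_out++] = (unsigned char)s[k++]; continue; }
        if ((b = read_octet(s, len, k)) < 0) return -1;
        if (b < 0x80) { out[n_out++] = (uint32_t)b; k += 3; continue; }
        for (n = 0; n < 8 && ((b << n) & 0x80); n++) ;   /* count leading 1 bits */
        if (n == 1 || n > 4) return -1;                   /* lone continuation or too long */
        /* The sequence needs 3*n characters; check once, before reading any of them. */
        if (k + 3 * (size_t)n > len) return -1;
        v = (uint32_t)b & (0xFFu >> (n + 1));
        for (j = 1; j < n; j++) {
            int c = read_octet(s, len, k + 3 * (size_t)j);
            if (c < 0 || (c & 0xC0) != 0x80) return -1;   /* must be 10xxxxxx */
            v = (v << 6) | (uint32_t)(c & 0x3F);
        }
        if (v < min_val[n] || v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF)) return -1;
        out[n_out++] = v; k += 3 * (size_t)n;
    }
    return (long)n_out;
}

/* Convenience wrapper for a NUL-terminated string: first code point, or UINT32_MAX on error. */
uint32_t decode_first(const char *s) {
    uint32_t out[16];
    long n = decode_uri_escapes(s, strlen(s), out, 16);
    return (n < 1) ? UINT32_MAX : out[0];
}
```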