ID REDHAT-RHSA-2004-005.NASL Type nessus Reporter Tenable Modified 2016-12-28T00:00:00
Description
Updated kdepim packages are now available that fix a local buffer overflow vulnerability.
The K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts.
The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue.
Users of kdepim are advised to upgrade to these erratum packages which contain a backported security patch that corrects this issue.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:005. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(12447);
script_version ("$Revision: 1.19 $");
script_cvs_date("$Date: 2016/12/28 17:44:44 $");
script_cve_id("CVE-2003-0988");
script_osvdb_id(3472);
script_xref(name:"RHSA", value:"2004:005");
script_name(english:"RHEL 3 : kdepim (RHSA-2004:005)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated kdepim packages are now available that fix a local buffer
overflow vulnerability.
The K Desktop Environment (KDE) is a graphical desktop for the X
Window System. The KDE Personal Information Management (kdepim) suite
helps you to organize your mail, tasks, appointments, and contacts.
The KDE team found a buffer overflow in the file information reader of
VCF files. An attacker could construct a VCF file so that when it was
opened by a victim it would execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0988 to this issue.
Users of kdepim are advised to upgrade to these erratum packages which
contain a backported security patch that corrects this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.redhat.com/security/data/cve/CVE-2003-0988.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.kde.org/info/security/advisory-20040114-1.txt"
);
script_set_attribute(
attribute:"see_also",
value:"http://rhn.redhat.com/errata/RHSA-2004-005.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kdepim and / or kdepim-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"patch_publication_date", value:"2004/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2004:005";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL3", reference:"kdepim-3.1.3-3.3")) flag++;
if (rpm_check(release:"RHEL3", reference:"kdepim-devel-3.1.3-3.3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdepim / kdepim-devel");
}
}
{"id": "REDHAT-RHSA-2004-005.NASL", "bulletinFamily": "scanner", "title": "RHEL 3 : kdepim (RHSA-2004:005)", "description": "Updated kdepim packages are now available that fix a local buffer overflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which contain a backported security patch that corrects this issue.", "published": "2004-07-06T00:00:00", "modified": "2016-12-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12447", "reporter": "Tenable", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0988.html", "http://www.kde.org/info/security/advisory-20040114-1.txt", "http://rhn.redhat.com/errata/RHSA-2004-005.html"], "cvelist": ["CVE-2003-0988"], "type": "nessus", "lastseen": "2017-10-29T13:43:42", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2003-0988"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated kdepim packages are now available that fix a local buffer overflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which contain a backported security patch that corrects this issue.", "edition": 2, "enchantments": {}, "hash": "4ea38f1b3900f073f52c85f6eb449a39c1a06f2806b5f78ca41a4146071764fa", "hashmap": [{"hash": "8550aa08ba4c57b259ff26174bc76c67", "key": "description"}, {"hash": "165fdc9623e63b94742e6dd07b81e45b", "key": "pluginID"}, {"hash": "35a80432737ef527fe4541f45ee299f5", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "676bcfbb0d4c9f5ff270385a479d6ed1", "key": "modified"}, {"hash": "50c06d765882c156f5981f559cb85cb2", "key": "references"}, {"hash": "b8fc7b99d19eb72cb75e807430c912dc", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "023fc9f40e56c0627fd4da4f68eacf23", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "eea83d2320c997fb468e3776d31d1f90", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12447", "id": "REDHAT-RHSA-2004-005.NASL", "lastseen": "2016-12-29T02:17:02", "modified": "2016-12-28T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "12447", "published": "2004-07-06T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0988.html", "http://www.kde.org/info/security/advisory-20040114-1.txt", "http://rhn.redhat.com/errata/RHSA-2004-005.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:005. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12447);\n script_version (\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:44 $\");\n\n script_cve_id(\"CVE-2003-0988\");\n script_osvdb_id(3472);\n script_xref(name:\"RHSA\", value:\"2004:005\");\n\n script_name(english:\"RHEL 3 : kdepim (RHSA-2004:005)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdepim packages are now available that fix a local buffer\noverflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X\nWindow System. The KDE Personal Information Management (kdepim) suite\nhelps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of\nVCF files. An attacker could construct a VCF file so that when it was\nopened by a victim it would execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which\ncontain a backported security patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040114-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdepim and / or kdepim-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:005\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kdepim-3.1.3-3.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kdepim-devel-3.1.3-3.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdepim / kdepim-devel\");\n }\n}\n", "title": "RHEL 3 : kdepim (RHSA-2004:005)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-29T02:17:02"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2003-0988"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated kdepim packages are now available that fix a local buffer overflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which contain a backported security patch that corrects this issue.", "edition": 1, "hash": "11502140eed8ffcfb1e1558b75ac4563eee8d374da1d84329ca2d72cc33d9099", "hashmap": [{"hash": "8550aa08ba4c57b259ff26174bc76c67", "key": "description"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "165fdc9623e63b94742e6dd07b81e45b", "key": "pluginID"}, {"hash": "35a80432737ef527fe4541f45ee299f5", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "6701ece2bc7e0e825d798cf4cbce2590", "key": "sourceData"}, {"hash": "50c06d765882c156f5981f559cb85cb2", "key": "references"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "023fc9f40e56c0627fd4da4f68eacf23", "key": "cvelist"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "eea83d2320c997fb468e3776d31d1f90", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12447", "id": "REDHAT-RHSA-2004-005.NASL", "lastseen": "2016-09-26T17:26:08", "modified": "2014-11-08T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "12447", "published": "2004-07-06T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0988.html", "http://www.kde.org/info/security/advisory-20040114-1.txt", "http://rhn.redhat.com/errata/RHSA-2004-005.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:005. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12447);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2014/11/08 01:13:16 $\");\n\n script_cve_id(\"CVE-2003-0988\");\n script_osvdb_id(3472);\n script_xref(name:\"RHSA\", value:\"2004:005\");\n\n script_name(english:\"RHEL 3 : kdepim (RHSA-2004:005)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdepim packages are now available that fix a local buffer\noverflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X\nWindow System. The KDE Personal Information Management (kdepim) suite\nhelps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of\nVCF files. An attacker could construct a VCF file so that when it was\nopened by a victim it would execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which\ncontain a backported security patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040114-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdepim and / or kdepim-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", reference:\"kdepim-3.1.3-3.3\")) flag++;\nif (rpm_check(release:\"RHEL3\", reference:\"kdepim-devel-3.1.3-3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdepim / kdepim-devel\");\n}\n", "title": "RHEL 3 : kdepim (RHSA-2004:005)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:08"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "579b8655e66c7eb20c0a14333bcca887"}, {"key": "cvelist", "hash": "023fc9f40e56c0627fd4da4f68eacf23"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "8550aa08ba4c57b259ff26174bc76c67"}, {"key": "href", "hash": "eea83d2320c997fb468e3776d31d1f90"}, {"key": "modified", "hash": "676bcfbb0d4c9f5ff270385a479d6ed1"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "165fdc9623e63b94742e6dd07b81e45b"}, {"key": "published", "hash": "474949ab6fbff659080be277e7c5ac16"}, {"key": "references", "hash": "50c06d765882c156f5981f559cb85cb2"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b8fc7b99d19eb72cb75e807430c912dc"}, {"key": "title", "hash": "35a80432737ef527fe4541f45ee299f5"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "53b9cb70b4577bde71659e10766d5dca09b0ebbb63d5fc9abeee7ee301251efe", "viewCount": 2, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:005. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12447);\n script_version (\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:44 $\");\n\n script_cve_id(\"CVE-2003-0988\");\n script_osvdb_id(3472);\n script_xref(name:\"RHSA\", value:\"2004:005\");\n\n script_name(english:\"RHEL 3 : kdepim (RHSA-2004:005)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdepim packages are now available that fix a local buffer\noverflow vulnerability.\n\nThe K Desktop Environment (KDE) is a graphical desktop for the X\nWindow System. The KDE Personal Information Management (kdepim) suite\nhelps you to organize your mail, tasks, appointments, and contacts.\n\nThe KDE team found a buffer overflow in the file information reader of\nVCF files. An attacker could construct a VCF file so that when it was\nopened by a victim it would execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which\ncontain a backported security patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040114-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdepim and / or kdepim-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdepim-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:005\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kdepim-3.1.3-3.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kdepim-devel-3.1.3-3.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdepim / kdepim-devel\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "12447", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:kdepim", "p-cpe:/a:redhat:enterprise_linux:kdepim-devel"]}
{"result": {"cve": [{"id": "CVE-2003-0988", "type": "cve", "title": "CVE-2003-0988", "description": "Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.", "published": "2004-02-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0988", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-10-10T10:34:57"}], "cert": [{"id": "VU:820798", "type": "cert", "title": "KDE Personal Information Management suite \"kdepim\" contains a buffer overflow vulnerability in VCF information reader ", "description": "### Overview\n\nKDE Personal Information Management suite \"kdepim\" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands.\n\n### Description\n\nKDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains a buffer overflow vulnerability in the processing of VCF files. \n\nIf an attacker can trick a victim into opening a specially crafted .VCF file, the attacker may be able to gain information about a victim's data or execute arbitrary commands \nwith the victim's privileges. This vulnerability may also be remotely exploited if the victim has previews for remote files enabled, however this feature is disabled by default. \n \n--- \n \n### Impact\n\nAn attacker may be able to gain information about a victim's data or execute arbitrary commands with the victim's privileges. \n \n--- \n \n### Solution\n\nUpgrade to KDE version [3.1.5](<http://download.kde.org/download.php?url=stable/3.1.5/>) or apply the [patch](<ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.4-kdepim-kfile-plugins.diff>) to version 3.1.4. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nConectiva| | -| 27 Jan 2004 \nKDE Desktop Environment Project| | -| 27 Jan 2004 \nMandrakeSoft| | -| 27 Jan 2004 \nRed Hat Inc.| | -| 27 Jan 2004 \nSlackware| | -| 27 Jan 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23820798 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.kde.org/info/security/advisory-20040114-1.txt>\n * <https://rhn.redhat.com/errata/RHSA-2004-006.html>\n * <http://www.secunia.com/advisories/10625/>\n\n### Credit\n\nThis vulnerability was discovered by Dirk Mueller of KDE and reported in their advisory.\n\nThis document was written by Stacey Stewart.\n\n### Other Information\n\n * CVE IDs: [CAN-2003-0988](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0988>)\n * Date Public: 14 Jan 2004\n * Date First Published: 27 Jan 2004\n * Date Last Updated: 27 Jan 2004\n * Severity Metric: 8.10\n * Document Revision: 11\n\n", "published": "2004-01-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/820798", "cvelist": ["CVE-2003-0988", "CVE-2003-0988"], "lastseen": "2016-02-03T09:12:40"}], "openvas": [{"id": "OPENVAS:52480", "type": "openvas", "title": "FreeBSD Ports: kdepim", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52480", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-07-02T21:10:24"}, {"id": "OPENVAS:54541", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200404-02 (kde-base/kde)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200404-02.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54541", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-07-24T12:50:23"}, {"id": "OPENVAS:53949", "type": "openvas", "title": "Slackware Advisory SSA:2004-014-01 kdepim security update", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-014-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53949", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-07-24T12:50:43"}, {"id": "OPENVAS:136141256231053949", "type": "openvas", "title": "Slackware Advisory SSA:2004-014-01 kdepim security update", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-014-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053949", "cvelist": ["CVE-2003-0988"], "lastseen": "2018-04-06T11:17:53"}], "nessus": [{"id": "FREEBSD_KDEPIM_314_1.NASL", "type": "nessus", "title": "FreeBSD : kdepim exploitable buffer overflow in VCF reader (84)", "description": "The following package needs to be updated: kdepim", "published": "2004-07-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12557", "cvelist": ["CVE-2003-0988"], "lastseen": "2016-09-26T17:24:10"}, {"id": "FREEBSD_PKG_DA6F265B8F3D11D88B290020ED76EF5A.NASL", "type": "nessus", "title": "FreeBSD : kdepim exploitable buffer overflow in VCF reader (da6f265b-8f3d-11d8-8b29-0020ed76ef5a)", "description": "A buffer overflow is present in some versions of the KDE personal information manager (kdepim) which may be triggered when processing a specially crafted VCF file.", "published": "2009-04-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36298", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-10-29T13:41:51"}, {"id": "FEDORA_2004-133.NASL", "type": "nessus", "title": "Fedora Core 1 : kdepim-3.1.4-2 (2004-133)", "description": "The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2004-07-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13708", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-10-29T13:34:36"}, {"id": "MANDRAKE_MDKSA-2004-003.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : kdepim (MDKSA-2004:003)", "description": "A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files;\nhowever this is disabled by default.\n\nThe provided packages contain a patch from the KDE team to correct this problem.", "published": "2004-07-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14103", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-10-29T13:41:31"}, {"id": "GENTOO_GLSA-200404-02.NASL", "type": "nessus", "title": "GLSA-200404-02 : KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability", "description": "The remote host is affected by the vulnerability described in GLSA-200404-02 (KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability)\n\n A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system.\n Impact :\n\n A remote attacker may unauthorized access to a user's personal data or execute commands with the user's privileges.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "published": "2004-08-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14467", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-10-29T13:38:00"}], "osvdb": [{"id": "OSVDB:3472", "type": "osvdb", "title": "KDE kdepim VCF File handling Overflow", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:10625](https://secuniaresearch.flexerasoftware.com/advisories/10625/)\n[Secunia Advisory ID:11666](https://secuniaresearch.flexerasoftware.com/advisories/11666/)\nRedHat RHSA: RHSA-2004:005\nRedHat RHSA: RHSA-2004:006\n[CVE-2003-0988](https://vulners.com/cve/CVE-2003-0988)\n", "published": "2004-01-14T13:48:15", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:3472", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-04-28T13:19:58"}], "redhat": [{"id": "RHSA-2004:005", "type": "redhat", "title": "(RHSA-2004:005) kdepim security update", "description": "The K Desktop Environment (KDE) is a graphical desktop for the X Window\nSystem. The KDE Personal Information Management (kdepim) suite helps you to\norganize your mail, tasks, appointments, and contacts. \n\nThe KDE team found a buffer overflow in the file information reader of\nVCF files. An attacker could construct a VCF file so that when it was\nopened by a victim it would execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0988 to this issue.\n\nUsers of kdepim are advised to upgrade to these erratum packages which\ncontain a backported security patch that corrects this issue.", "published": "2004-01-14T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2004:005", "cvelist": ["CVE-2003-0988"], "lastseen": "2017-08-02T22:58:08"}], "freebsd": [{"id": "DA6F265B-8F3D-11D8-8B29-0020ED76EF5A", "type": "freebsd", "title": "kdepim exploitable buffer overflow in VCF reader", "description": "\nA buffer overflow is present in some versions of the KDE\n\t personal information manager (kdepim) which may be triggered\n\t when processing a specially crafted VCF file.\n", "published": "2004-01-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/da6f265b-8f3d-11d8-8b29-0020ed76ef5a.html", "cvelist": ["CVE-2003-0988"], "lastseen": "2016-09-26T17:25:23"}], "slackware": [{"id": "SSA-2004-014-01", "type": "slackware", "title": "kdepim security update", "description": "New kdepim packages are available for Slackware 9.0 and 9.1 to\nfix a security issue with .VCF file handling. For Slackware -current,\na complete upgrade to kde-3.1.5 is available.\n\n\nHere are the details from the Slackware 9.1 ChangeLog:\n\nWed Jan 14 11:58:58 PST 2004\npatches/packages/kdepim-3.1.4-i486-2.tgz: Recompiled with security patch\n post-3.1.4-kdepim-kfile-plugins.diff. From the KDE advisory:\n\n The KDE team has found a buffer overflow in the file information reader\n of VCF files. A carefully crafted .VCF file potentially enables local\n attackers to compromise the privacy of a victim's data or execute\n arbitrary commands with the victim's privileges.\n By default, file information reading is disabled for remote files.\n However, if previews are enabled for remote files, remote attackers may\n be able to compromise the victim's account.\n\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988\n (* Security fix *)\n\nWHERE TO FIND THE NEW PACKAGES:\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/kdepim-3.1.3-i386-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/kdebase-3.1.3-i386-2.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kdepim-3.1.4-i486-2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/*.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kdei/*.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/arts-1.1.5-i486-1.tgz\n\n\nMD5 SIGNATURES:\n\nMD5 signatures may be downloaded from our FTP server:\n\nSlackware 9.0 packages:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5\n\nTo verify authenticity, this file has been signed with the Slackware\nGPG key (use 'gpg --verify'):\n\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5.asc\n\nSlackware 9.1 packages:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5.asc\n\nSlackware -current packages:\nftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5\nftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc\n\n\nINSTALLATION INSTRUCTIONS:\n\nAs root, upgrade the package(s) using upgradepkg:\n > upgradepkg *.tgz", "published": "2004-01-14T21:43:35", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.442811", "cvelist": ["CVE-2003-0988"], "lastseen": "2018-02-02T18:11:29"}], "gentoo": [{"id": "GLSA-200404-02", "type": "gentoo", "title": "KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability", "description": "### Background\n\nKDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts. \n\n### Description\n\nA buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system. \n\n### Impact\n\nA remote attacker may unauthorized access to a user's personal data or execute commands with the user's privileges. \n\n### Workaround\n\nA workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\nKDE users should upgrade to version 3.1.5 or later: \n \n \n # emerge sync\n \n # emerge -pv \">=kde-base/kde-3.1.5\"\n # emerge \">=kde-base/kde-3.1.5\"", "published": "2004-04-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200404-02", "cvelist": ["CVE-2003-0988"], "lastseen": "2016-09-06T19:46:31"}]}}