CVE-2002-1306

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kde.org/info/security/advisory-20021111-2.txt	Patch Vendor Advisory
http://www.iss.net/security_center/static/10598.php	Vendor Advisory
http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
http://www.redhat.com/support/errata/RHSA-2002-220.html
http://www.debian.org/security/2002/dsa-214
http://www.ciac.org/ciac/bulletins/n-020.shtml
http://www.iss.net/security_center/static/10597.php
http://marc.info/?l=bugtraq&m=103728981029342&w=2
http://marc.info/?l=bugtraq&m=103712329102632&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:kde:kde:2.2:::::::*
	cpe:2.3:o:kde:kde:2.2.1:::::::*
	cpe:2.3:o:kde:kde:2.2.2:::::::*
	cpe:2.3:o:kde:kde:3.0:::::::*
	cpe:2.3:o:kde:kde:2.1.1:::::::*
	cpe:2.3:o:kde:kde:2.1.2:::::::*
	cpe:2.3:o:kde:kde:3.0.3:::::::*
	cpe:2.3:o:kde:kde:2.1:::::::*
	cpe:2.3:o:kde:kde:3.0.1:::::::*
	cpe:2.3:o:kde:kde:3.0.2:::::::*

Information

Published : 2002-11-28 21:00

Updated : 2016-10-17 19:25

NVD link : CVE-2002-1306

Mitre link : CVE-2002-1306

JSON object : View

CWE

NVD-CWE-Other

Products Affected

kde

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kde.org/info/security/advisory-20021111-2.txt", "name": "http://www.kde.org/info/security/advisory-20021111-2.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.iss.net/security_center/static/10598.php", "name": "kde-kdenetwork-lan-bo(10598)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html", "name": "SuSE-SA:2002:042", "tags": [], "refsource": "SUSE"}, {"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php", "name": "MDKSA-2002:080", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-220.html", "name": "RHSA-2002:220", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2002/dsa-214", "name": "DSA-214", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.ciac.org/ciac/bulletins/n-020.shtml", "name": "N-020", "tags": [], "refsource": "CIAC"}, {"url": "http://www.iss.net/security_center/static/10597.php", "name": "kde-kdenetwork-lisa-bo(10597)", "tags": [], "refsource": "XF"}, {"url": "http://marc.info/?l=bugtraq&m=103728981029342&w=2", "name": "20021114 GLSA: kdelibs", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=103712329102632&w=2", "name": "20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the \"lisa\" daemon, and (2) remote attackers to execute arbitrary code via a certain \"lan://\" URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1306", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-11-29T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:25Z"}

7.5 /10