KDE Security Advisory: resLISa / LISa Vulnerabilities
admin at kclinux.net
admin at kclinux.net
Fri Nov 22 16:17:19 CST 2002
http://www.kde.org/info/security/advisory-20021111-2.txt
"The SuSE security team discovered two vulnerabilities in the KDE
lanbrowsing service during an audit. The LISa network daemon and "reslisa",
a restricted version of LISa are used to identify servers on the local
network by using the URL type "lan://" and "rlan://" respectively. A buffer
overflow was discovered in the lisa daemon that can be exploited by an
attacker on the local network to obtain root privilege on a machine running
the lisa daemon. Another buffer overflow was found in the lan:// URL
handler, which can be exploited by a remote attacker to gain access to the
victim user's account."
More information about the Kclug
mailing list