Debian Security Advisory

kdebase -- buffer overflow in klock, kvt saves config as root

Date Reported:

30 May 1998

Affected Packages:

kdebase

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

We have received a report that one can use a simple buffer overflow exploit to gain access to the group shadow on systems running klock. There was also a problem in kvt which saved its configuration as root and not as regular user.

We recommend you upgrade your kdebase package immediately.

Fixed in:

Intel - (in release 1.3) Beta 2-2.3 All - (in release 2.0) 980312-8