CVE-2005-3863

Name: CVE-2005-3863
Description: Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1083-1, DSA-1088-1, DTSA-23-1
NVD severity: high (attack range: remote)
Debian Bugs: 340959, 368400, 368402

The information below is based on the following data on fixed versions.

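| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| centericq | source | (unstable) | 4.21.0-6 | medium | | 340959 |
| centericq | source | etch | 4.21.0-6.0etch1 | high | DTSA-23-1 | |
| centericq | source | sarge | 4.20.0-1sarge4 | high | DSA-1088-1 | |
| centericq | source | woody | 4.5.1-1.1woody2 | high | DSA-1088-1 | |
| motor | source | (unstable) | 2:3.4.0-6 | medium | | 368400 |
| motor | source | sarge | 2:3.4.0-2sarge1 | high | DSA-1083-1 | |
| motor | source | woody | 2:3.2.2-2woody1 | high | DSA-1083-1 | |
| orpheus | source | (unstable) | 1.5-5 | medium | | 368402 |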

Notes

DTSA is for centericq only
This affects Sarge and Woody centericq
This affects Sarge and Woody motor
