CVE-2005-3863

Name	CVE-2005-3863
Description	Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-1083-1, DSA-1088-1, DTSA-23-1
NVD severity	high (attack range: remote)
Debian Bugs	340959, 368400, 368402

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
centericq	source	(unstable)	4.21.0-6	medium		340959
centericq	source	etch	4.21.0-6.0etch1	high	DTSA-23-1
centericq	source	sarge	4.20.0-1sarge4	high	DSA-1088-1
centericq	source	woody	4.5.1-1.1woody2	high	DSA-1088-1
motor	source	(unstable)	2:3.4.0-6	medium		368400
motor	source	sarge	2:3.4.0-2sarge1	high	DSA-1083-1
motor	source	woody	2:3.2.2-2woody1	high	DSA-1083-1
orpheus	source	(unstable)	1.5-5	medium		368402

Notes

DTSA is for centericq only
This affects Sarge and Woody centericq
This affects Sarge and Woody motor