CVE-2005-3863

NameCVE-2005-3863
DescriptionStack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1083-1, DSA-1088-1, DTSA-23-1
NVD severityhigh
Debian Bugs340959, 368400, 368402

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
centericqsourcewoody4.5.1-1.1woody2DSA-1088-1
centericqsourcesarge4.20.0-1sarge4DSA-1088-1
centericqsourceetch4.21.0-6.0etch1DTSA-23-1
centericqsource(unstable)4.21.0-6medium340959
motorsourcewoody2:3.2.2-2woody1DSA-1083-1
motorsourcesarge2:3.4.0-2sarge1DSA-1083-1
motorsource(unstable)2:3.4.0-6medium368400
orpheussource(unstable)1.5-5medium368402

Notes

DTSA is for centericq only
This affects Sarge and Woody centericq
This affects Sarge and Woody motor

Search for package or bug name: Reporting problems