CVE-2005-3863

Name	CVE-2005-3863
Description	Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1083-1, DSA-1088-1, DTSA-23-1
Debian Bugs	340959, 368400, 368402

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
centericq	source	woody	4.5.1-1.1woody2		DSA-1088-1
centericq	source	sarge	4.20.0-1sarge4		DSA-1088-1
centericq	source	etch	4.21.0-6.0etch1		DTSA-23-1
centericq	source	(unstable)	4.21.0-6	medium		340959
motor	source	woody	2:3.2.2-2woody1		DSA-1083-1
motor	source	sarge	2:3.4.0-2sarge1		DSA-1083-1
motor	source	(unstable)	2:3.4.0-6	medium		368400
orpheus	source	(unstable)	1.5-5	medium		368402

Notes

DTSA is for centericq only
This affects Sarge and Woody centericq
This affects Sarge and Woody motor