FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kpopup -- local root exploit and local denial of service

Affected packages
0.9.1 <= kpopup <= 0.9.5

Details

VuXML ID 1613db79-8e52-11da-8426-000fea0a9611
Discovery 2003-10-28
Entry 2006-02-07

Mitre CVE reports:

Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.

[source]

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

[source]

SecurityFocus credits "b0f" b0fnet@yahoo.com

References

Bugtraq ID 8915
Bugtraq ID 8918
CVE Name CVE-2003-1167
CVE Name CVE-2003-1170
URL http://www.henschelsoft.de/kpopup_en.html
URL http://www.securityfocus.com/archive/1/342736

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.