CVE-2005-0011 : Multiple vulnerabilities in fliccd, when installed setuid root as part of the kd

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

Published 2005-05-02 04:00:00

Updated 2008-09-05 20:45:05

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2005-0011

KDE » KDE » Version: 3.3.1
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.3
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.3.2
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0011

EPSS FAQ

4.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0011

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2005-0011

http://www.redhat.com/archives/fedora-announce-list/2005-February/msg00044.html

Vendor Advisory
http://www.kde.org/info/security/advisory-20050215-1.txt

Patch;Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-23.xml

Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-0011

Products affected by CVE-2005-0011

Exploit prediction scoring system (EPSS) score for CVE-2005-0011

CVSS scores for CVE-2005-0011

References for CVE-2005-0011