FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kpopup -- local root exploit and local denial of service

Affected packages
0.9.1 <= kpopup <= 0.9.5

Details

VuXML ID 1613db79-8e52-11da-8426-000fea0a9611
Discovery 2003-10-28
Entry 2006-02-07

Mitre CVE reports:

Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

SecurityFocus credits "b0f" b0fnet@yahoo.com

References

Bugtraq ID 8915
Bugtraq ID 8918
CVE Name CVE-2003-1167
CVE Name CVE-2003-1170
URL http://www.henschelsoft.de/kpopup_en.html
URL http://www.securityfocus.com/archive/1/342736