Return-Path: owner-bugtraq@SECURITYFOCUS.COM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Message-ID: <20000606202628.A6051@ns.lst.de> Date: Tue, 6 Jun 2000 20:26:28 +0200 Reply-To: Caldera Systems Security Sender: Bugtraq List From: Caldera Systems Security Subject: Caldera Security Advisory CSSA-2000-015: suid root KDE applications To: BUGTRAQ@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: kdelibs vulnerability for setuid KDE applications Advisory number: CSSA-2000-015.0 Issue date: 2000 June, 02 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a very serious vulnerability in the way KDE starts applications that allows local users to take over any file in the system by exploiting setuid root KDE application. The only vulnerable application shipped with OpenLinux is kISDN, but third party software might be vulnerable too. There is currently no fix available. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 no vulnerable packages included OpenLinux eServer 2.3 no vulnerable packages included and OpenLinux eBuilder OpenLinux eDesktop 2.4 kISDN 3. Solution Workaround: If you do not need kISDN, deinstall it by issuing as root: rpm -e kisdn If you need kISDN on a multiuser workstation: Disable the suid-root sbit by doing as root: chmod u-s /opt/kde/bin/kisdn You can still use kisdn by issuing in a terminal window: $ su -p Password: # kisdn & Also check your system for any other KDE application you have installed from third party sources and remove their suid bits as shown above. 4. OpenLinux Desktop 2.3 no vulnerable packages included, but third party KDE applications might be vulnerable. 5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0 no vulnerable packages included, but third party KDE applications might be vulnerable. 6. OpenLinux eDesktop 2.4 See the workaround above. 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix refers to Caldera's internal Problem Report 6806. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 9. Acknowledgements Caldera Systems wishes to thank Sebastian "Stealth" Krahmer for discovering and reporting the bug. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5N5b+18sy83A/qfwRAmDfAKC8gAzQiJJc1sDCwM8IqYFFujR7JgCeO65q kqD9K+pF1E5f0CtXg/e2bnk= =kzOd -----END PGP SIGNATURE-----