5994634 2001-01-23 10:39 -0700  /121 lines/ Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-01-24  03:12  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: sup-info@LOCUTUS4.CALDERASYSTEMS.COM
Recipient: Bugtraq (import) <14973>
Subject: Security Update: CSSA-2001-005.0 password sniffing in kdesu
------------------------------------------------------------
From: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010123103936.A24899@locutus4.calderasystems.com>

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:          password sniffing in kdesu
Advisory number:  CSSA-2001-005.0
Issue date:       2001 January, 23
Cross reference:
______________________________________________________________________________


1. Problem Description

   KDE2 comes with a program called kdesu that is used to run certain
   administration commands under the account of the super user (for
   instance, every time the KDE control center asks you for the root
   password, you actually talk to kdesu).

   There is a bug in kdesu that allows any user on the system to steal
   the passwords you enter at the kdesu prompt.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux eDesktop 2.4       All packages previous to
                                kdebase2-2.0-6 and kdelibs2-2.0-6.
                                Note that you are not vulnerable
                                if you didn't install the KDE2
                                update.

3. Solution

   Workaround:

     There is no real workaround for this bug, and the following is
     _not_ a permanent fix; it is only a stopgap to use until you have
     installed the update.

     As the super user, create directories in /tmp that have the same
     name as the socket used by kdesu:

         mkdir /tmp/kdesud_UID_0

     where UID ranges over all user IDs of users on your system. Note
     that the trailing 0 is the display number, so if you run several
     X servers on your machine, you need to repeat the process for
     display 1, 2, etc.

     In order to protect just yourself, the following will do the
     trick:

         mkdir /tmp/kdesud_`id -u`_0
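
     The per-user command above, generalised to every local account and to displays 0 through N, as an added shell example that is not code from the Caldera advisory. It assumes a root shell, a local passwd file and the /tmp/kdesud_UID_DISPLAY naming quoted above; the function name and its optional arguments are this example's own.

```shell
#!/bin/sh
# Added example, not taken from the Caldera advisory: applies the advisory's
# temporary workaround to every local account and to displays 0..N in one go.
# Assumptions: run as root, accounts are listed in a local passwd file, and the
# socket path follows the /tmp/kdesud_<UID>_<DISPLAY> pattern quoted above.
# The function name and its optional arguments are this example's own.
#
#   kdesu_block_sockets [tmpdir] [max_display] [passwd_file]
#
# Prints the number of directories it created.
kdesu_block_sockets() {
    tmpdir=${1:-/tmp}
    max_display=${2:-0}
    passwd_file=${3:-/etc/passwd}
    created=0
    # Field 3 of passwd is the numeric UID; de-duplicate so that several
    # accounts sharing a UID (e.g. two UID-0 logins) are handled once.
    for uid in $(cut -d: -f3 "$passwd_file" | sort -n | uniq); do
        d=0
        while [ "$d" -le "$max_display" ]; do
            dir="$tmpdir/kdesud_${uid}_${d}"
            if [ ! -e "$dir" ]; then
                # A root-owned directory occupies the socket's path name; on a
                # normal system /tmp is sticky, so other users cannot remove it.
                mkdir "$dir" && created=$((created + 1))
            elif [ ! -d "$dir" ]; then
                # Something else (a socket or a file) already sits at the path:
                # report it for the administrator to inspect rather than replace it.
                printf 'warning: %s exists and is not a directory\n' "$dir" >&2
            fi
            d=$((d + 1))
        done
    done
    echo "$created"
}

# Stand-alone use on a real system, e.g. saved as kdesu_block.sh and run as
# "./kdesu_block.sh --apply 1" to cover displays :0 and :1; without --apply
# the script only defines the function.
if [ "${1:-}" = "--apply" ]; then
    kdesu_block_sockets /tmp "${2:-0}"
fi
```

     Run it again after adding an account: directories that already exist are skipped, so the second run reports only the new ones.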

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux eDesktop 2.4

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   4.2 Verification


   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

           rpm -Fhv kde*2.0-6.i386.rpm

5. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 8718.

6. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera
   OpenLinux.

7. Acknowledgements

   Caldera Systems, Inc. wishes to thank Sebastian Krahmer (SuSE) and
   Waldo Bastian (KDE) for their assistance.

______________________________________________________________________________