Mandrake alert: Updated kdebase packages fix vulnerabilities in KDM

Posted by dave on Sep 16, 2003 11:23 PM EDT

A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It has been reported to the KDE team that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           kdebase
Advisory ID:            MDKSA-2003:091
Date:                   September 16th, 2003

Affected versions:      9.0, 9.1, Corporate Server 2.1
________________________________________________________________________

Problem Description:

 A vulnerability was discovered in all versions of KDE 2.2.0 up to and
 including 3.1.3.  KDM does not check for successful completion of the
 pam_setcred() call and in the case of error conditions in the installed
 PAM modules, KDM may grant local root access to any user with valid
 login credentials.  It has been reported to the KDE team that a certain
 configuration of the MIT pam_krb5 module can result in a failing
 pam_setcred() call which leaves the session alive and would provide root
 access to any regular user.  It is also possible that this vulnerability
 can likewise be exploited with other PAM modules in a similar manner.
 
 Another vulnerability was discovered in kdm where the cookie session
 generating algorithm was considered too weak to supply a full 128 bits
 of entropy.  This allowed unauthorized users to brute-force the session
 cookie.
 
 mdkkdm, a specialized version of kdm, is likewise vulnerable to these
 problems and has been patched as well.
________________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692
  http://www.kde.org/info/security/advisory-20030916-1.txt
  http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
________________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:
 b16612d8f4e68781cecaf9d32e12c50c  corporate/2.1/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
 a80f6c8029c536d59f92fcf7bcf1abd5  corporate/2.1/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
 ae02c014e1994c25a1ee23a7eee8095c  corporate/2.1/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
 f9ebdbc69440ca1d11fcd5653f8173d6  corporate/2.1/SRPMS/kdebase-3.0.5a-1.4mdk.src.rpm

 Corporate Server 2.1/x86_64:
 cf6fbbfee865b54584632655fa019ee3  x86_64/corporate/2.1/RPMS/kdebase-3.0.5-2.2mdk.x86_64.rpm
 08867a45c5be3c48bbd4c93ced0b6ebb  x86_64/corporate/2.1/RPMS/kdebase-devel-3.0.5-2.2mdk.x86_64.rpm
 cf53476849eb402be28d6a52ac86a218  x86_64/corporate/2.1/RPMS/kdebase-nsplugins-3.0.5-2.2mdk.x86_64.rpm
 a1ee293f258c76a720310183f0c4dda4  x86_64/corporate/2.1/SRPMS/kdebase-3.0.5-2.2mdk.src.rpm

 Mandrake Linux 9.0:
 b16612d8f4e68781cecaf9d32e12c50c  9.0/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
 a80f6c8029c536d59f92fcf7bcf1abd5  9.0/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
 ae02c014e1994c25a1ee23a7eee8095c  9.0/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
 f9ebdbc69440ca1d11fcd5653f8173d6  9.0/SRPMS/kdebase-3.0.5a-1.4mdk.src.rpm

 Mandrake Linux 9.1:
 06423402c174ef11a64bd0ed44c4a624  9.1/RPMS/kdebase-3.1-83.5mdk.i586.rpm
 bfa3c991495ec60d87858cd1563353ab  9.1/RPMS/kdebase-devel-3.1-83.5mdk.i586.rpm
 cfef59c2e6d2c0faf7469ab2d036e091  9.1/RPMS/kdebase-kdm-3.1-83.5mdk.i586.rpm
 ab122d6e7931a96d239e0aa6db401ffa  9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.i586.rpm
 dbcedf83b6ed92afb8d30bdf54ec38d5  9.1/RPMS/mdkkdm-9.1-24.2mdk.i586.rpm
 dc8f0c5f34088514900266eeaeff63bb  9.1/SRPMS/kdebase-3.1-83.5mdk.src.rpm
 d5c82813906df0100a099e10a030672b  9.1/SRPMS/mdkkdm-9.1-24.2mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 a34824fd162a8ce79258c4db2f2c2d56  ppc/9.1/RPMS/kdebase-3.1-83.5mdk.ppc.rpm
 2f3bb4c00a78faa0792dd0353b6e09f2  ppc/9.1/RPMS/kdebase-devel-3.1-83.5mdk.ppc.rpm
 818e187fcc9328683fd8e33044c43a78  ppc/9.1/RPMS/kdebase-kdm-3.1-83.5mdk.ppc.rpm
 63a508bdfc7040697fd200c9f580204b  ppc/9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.ppc.rpm
 499cd7d3f1e4cc7b1276c0f9eed1c0cf  ppc/9.1/RPMS/mdkkdm-9.1-24.2mdk.ppc.rpm
 dc8f0c5f34088514900266eeaeff63bb  ppc/9.1/SRPMS/kdebase-3.1-83.5mdk.src.rpm
 d5c82813906df0100a099e10a030672b  ppc/9.1/SRPMS/mdkkdm-9.1-24.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/aAzXmqjQ0CJFipgRAjTHAKCgKgOL5FfAY8Cl21us3zCu++mDeQCgyted
IAsCqtqf8FjLxw8SCuTbJ00=
=HHre
-----END PGP SIGNATURE-----
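
The unchecked pam_setcred() result described in the advisory, modelled next to the checked form. This is an added example, not code from KDM, KDE or MandrakeSoft. The pam_stack struct, the function names, the result codes and the step order (authenticate, account check, setcred, open session) are assumptions made for illustration, and the model shows only that a session starts after a failed credential step, not how root access then arises.

```c
#include <stdio.h>

/* Constructed stand-ins for PAM result codes; real code would use
   the constants from <security/pam_appl.h>. */
enum { OK = 0, CRED_ERR = 1 };

/* Hypothetical model of the module stack a display manager calls into. */
struct pam_stack {
    int (*authenticate)(void);
    int (*acct_mgmt)(void);
    int (*setcred)(void);
    int (*open_session)(void);
};

static int ok(void)   { return OK; }
static int fail(void) { return CRED_ERR; }

/* Pattern described in the advisory: the setcred result is discarded,
   so a module error does not stop the login. */
int login_unchecked(const struct pam_stack *p) {
    if (p->authenticate() != OK) return 0;
    if (p->acct_mgmt() != OK) return 0;
    (void)p->setcred();                 /* failure goes unnoticed */
    if (p->open_session() != OK) return 0;
    return 1;                           /* session starts anyway */
}

/* Checked pattern: every step must succeed or the login is refused. */
int login_checked(const struct pam_stack *p) {
    int (*steps[])(void) = { p->authenticate, p->acct_mgmt,
                             p->setcred, p->open_session };
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++)
        if (steps[i]() != OK) return 0; /* fail closed on any error */
    return 1;
}

/* Run one constructed scenario; returns 1 if a session was started. */
int session_started(int checked, int setcred_fails) {
    struct pam_stack p = { ok, ok, setcred_fails ? fail : ok, ok };
    return checked ? login_checked(&p) : login_unchecked(&p);
}

int main(void) {
    printf("unchecked, setcred fails: session=%d\n", session_started(0, 1));
    printf("checked,   setcred fails: session=%d\n", session_started(1, 1));
    printf("checked,   setcred ok:    session=%d\n", session_started(1, 0));
    return 0;
}
```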
