Caldera Systems Security Advisory: kdelibs vulnerability for setuid KDE applications | Linux Today

Written By
Web Webster
Jun 7, 2000

Caldera Systems, Inc. Security Advisory

Subject:                kdelibs vulnerability for setuid KDE applications
Advisory number:        CSSA-2000-015.0
Issue date:             2000 June, 02
Cross reference:        

1. Problem Description

There is a very serious vulnerability in the way KDE starts
applications that allows local users to take over any file in the
system by exploiting a setuid root KDE application.

The only vulnerable application shipped with OpenLinux is kISDN,
but third party software might be vulnerable too.

There is currently no fix available.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        no vulnerable packages included

   OpenLinux eServer 2.3        no vulnerable packages included
   and OpenLinux eBuilder       

   OpenLinux eDesktop 2.4       kISDN

3. Solution

Workaround:

If you do not need kISDN, deinstall it by issuing as root:

rpm -e kisdn

If you need kISDN on a multiuser workstation:

Remove the setuid-root bit by running as root:

chmod u-s /opt/kde/bin/kisdn

   You can still use kisdn by issuing in a terminal window:
      $ su -p
      Password: 
      # kisdn &

Also check your system for any other KDE application you have
installed from third party sources and remove their suid bits as
shown above.
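
The check described above, as an added example that is not part of Caldera's advisory: it lists setuid files owned by root under a directory, tags those whose ELF dynamic section names a KDE library, and wraps the advisory's chmod u-s workaround. The function names and the libkde* library-name pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a directory for setuid executables and flag those
# linked against KDE libraries. Not part of the Caldera advisory.

# list_setuid DIR [UID]: print regular files under DIR that carry the setuid
# bit and are owned by UID (default 0, i.e. root).
list_setuid() {
    find "$1" -type f -perm -4000 -user "${2:-0}" -print 2>/dev/null | sort
}

# links_kde FILE: succeed if FILE's ELF dynamic section names a libkde* library.
# Assumption: KDE libraries are named libkde*.so (for example libkdecore).
# readelf only parses the file; unlike ldd it never invokes the binary's loader.
links_kde() {
    readelf -d "$1" 2>/dev/null | grep -q 'NEEDED.*libkde'
}

# strip_setuid FILE: the advisory's workaround (chmod u-s) applied to one file.
strip_setuid() {
    chmod u-s "$1"
}

# audit DIR [UID]: one line per setuid file, tagged "KDE" or "other".
audit() {
    list_setuid "$1" "${2:-0}" | while IFS= read -r f; do
        if links_kde "$f"; then
            printf 'KDE\t%s\n' "$f"
        else
            printf 'other\t%s\n' "$f"
        fi
    done
}

# Run only when a directory is given, e.g.: sh audit.sh /opt/kde/bin
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Files tagged KDE are the candidates for strip_setuid; if readelf is not installed, every file is tagged other and needs manual review.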

4. OpenLinux Desktop 2.3

no vulnerable packages included, but third party KDE
applications might be vulnerable.

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

no vulnerable packages included, but third party KDE
applications might be vulnerable.

6. OpenLinux eDesktop 2.4

See the workaround above.

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix refers to Caldera’s internal Problem Report
6806.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

9. Acknowledgements

Caldera Systems wishes to thank Sebastian “Stealth” Krahmer for
discovering and reporting the bug.
