Caldera Systems, Inc. Security Advisory
Subject: kdelibs vulnerability for setuid KDE applications Advisory number: CSSA-2000-015.0 Issue date: 2000 June, 02 Cross reference:
1. Problem Description
There is a very serious vulnerability in the way KDE starts
applications that allows local users to take over any file in the
system by exploiting setuid root KDE application.
The only vulnerable application shipped with OpenLinux is kISDN,
but third party software might be vulnerable too.
There is currently no fix available.
2. Vulnerable Versions
System Package
OpenLinux Desktop 2.3 no vulnerable packages included OpenLinux eServer 2.3 no vulnerable packages included and OpenLinux eBuilder OpenLinux eDesktop 2.4 kISDN
3. Solution
Workaround:
If you do not need kISDN, deinstall it by issuing as root:
rpm -e kisdn
If you need kISDN on a multiuser workstation:
Disable the suid-root sbit by doing as root:
chmod u-s /opt/kde/bin/kisdn
You can still use kisdn by issuing in a terminal window: $ su -p Password: # kisdn &
Also check your system for any other KDE application you have
installed from third party sources and remove their suid bits as
shown above.
4. OpenLinux Desktop 2.3
no vulnerable packages included, but third party KDE
applications might be vulnerable.
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential
3.0
no vulnerable packages included, but third party KDE
applications might be vulnerable.
6. OpenLinux eDesktop 2.4
See the workaround above.
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix refers to Caldera’s internal Problem Report
6806.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Sebastian “Stealth” Krahmer for
discovering and reporting the bug.