Date: Tue, 23 Jan 2001 10:39:36 -0700
From: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: CSSA-2001-005.0 password sniffing in kdesu
Caldera Systems, Inc. Security Advisory

Subject: password sniffing in kdesu
Advisory number: CSSA-2001-005.0
Issue date: 2001 January, 23
Cross reference:
1. Problem Description
KDE2 comes with a program called kdesu that is used to run
certain administration commands under the account of the super user
(for instance, every time the KDE control center asks you for the
root password, you actually talk to kdesu).
There is a bug in kdesu that allows any user on the system to
steal the passwords you enter at the kdesu prompt.
2. Vulnerable Versions
System                   Package
OpenLinux eDesktop 2.4   All packages previous to kdebase2-2.0-6 and kdelibs2-2.0-6

Note that you are not vulnerable if you didn't install the KDE2 update.
3. Solution
Workaround:
There is no real workaround for this bug, and the following is
_not_ a permanent solution to the problem; this is merely a
temporary solution until you have installed the update.
As the super user, create directories in /tmp that have the same
name as the socket used by kdesu:
mkdir /tmp/kdesud_UID_0
where UID ranges over all user IDs of users on your system. Note
that the trailing 0 is the display number, so if you run several X
servers on your machine, you need to repeat the process for display
1, 2, etc.
In order to protect just yourself, the following will do the
trick:
mkdir /tmp/kdesud_`id -u`_0
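The two mkdir commands above, carried through for every local user and every display, as an added example that is not code from Caldera or KDE. The script refuses to touch a name that is already occupied by something other than a directory (which may be a live kdesud socket, or an attacker's), and it adds a check that lists kdesud_* entries owned by someone other than the user they are named for. The passwd file, the scratch directory and the display list are parameters so the functions can be exercised outside /tmp; `ls -ldn` is assumed for the numeric owner, and the squat heuristic in audit_kdesud_entries is an assumption of this example, not something the advisory states.

```shell
#!/bin/sh
# Added example, not part of the Caldera advisory: apply the temporary
# workaround (a root-owned directory at every name kdesu would use for
# its socket) for all local users and all listed X displays, and audit
# a /tmp for kdesud_* entries that look squatted.
# Assumptions: POSIX sh, a passwd-format user list, and `ls -ldn` for
# the numeric owner; the squat heuristic below is mine, not Caldera's.

# list_uids PASSWD_FILE: one numeric UID per line, sorted, deduplicated.
list_uids() {
    cut -d: -f3 "${1:-/etc/passwd}" | sort -un
}

# precreate_kdesud_dirs PASSWD_FILE TMPDIR DISPLAY...
# mkdir TMPDIR/kdesud_<uid>_<display> for every uid and display.
# A name already taken by something that is not a directory is left
# alone and reported; returns 1 if any name could not be secured.
precreate_kdesud_dirs() {
    passwd_file=$1; tmpdir=$2; shift 2
    failures=0
    for uid in $(list_uids "$passwd_file"); do
        for disp in "$@"; do
            d="$tmpdir/kdesud_${uid}_${disp}"
            if [ -e "$d" ] && [ ! -d "$d" ]; then
                echo "not a directory, left untouched: $d" >&2
                failures=$((failures + 1))
            elif ! mkdir -p "$d"; then
                failures=$((failures + 1))
            fi
        done
    done
    [ "$failures" -eq 0 ]
}

# audit_kdesud_entries TMPDIR [WORKAROUND_UID]
# Print every kdesud_<uid>_<display> entry whose owner is neither the
# uid in its name nor, for a directory, WORKAROUND_UID (default 0,
# because the advisory has root create the workaround directories).
# Returns 0 when nothing is suspect, 1 otherwise.
audit_kdesud_entries() {
    tmpdir=${1:-/tmp}; workaround_uid=${2:-0}
    suspect=0
    for e in "$tmpdir"/kdesud_*_*; do
        [ -e "$e" ] || continue            # pattern matched nothing
        name=${e##*/}
        uid_in_name=${name#kdesud_}
        uid_in_name=${uid_in_name%%_*}
        owner=$(ls -ldn "$e" | awk '{print $3}')
        if [ -d "$e" ] && [ "$owner" = "$workaround_uid" ]; then
            continue                       # one of our workaround dirs
        fi
        if [ "$owner" != "$uid_in_name" ]; then
            echo "suspect: $e owned by uid $owner but named for uid $uid_in_name"
            suspect=$((suspect + 1))
        fi
    done
    [ "$suspect" -eq 0 ]
}

# A real run (as root) happens only when asked for explicitly, so the
# file can be sourced for its functions without side effects:
#   sh kdesu-workaround.sh --apply        # protects display :0 only
case "${1-}" in
    --apply)
        precreate_kdesud_dirs /etc/passwd /tmp 0
        audit_kdesud_entries /tmp 0
        ;;
esac
```

Because /tmp is normally cleaned at boot, the directories have to be created again after every reboot until the fixed packages are installed, so the `--apply` run belongs in an init script rather than being typed once.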
The proper solution is to upgrade to the fixed packages.
4. OpenLinux eDesktop 2.4
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
4.2 Verification
23a677755332e24db259ebce9a754e14  SRPMS/kdebase2-2.0-6.src.rpm
083b8ddaf4f67d2d0b4146245034229b  RPMS/kdebase2-2.0-6.i386.rpm
b759a751da20a2d6c6c296da94e1656e  RPMS/kdebase2-opengl-2.0-6.i386.rpm
7970d51bc04e4e23e03b01f001f56780  SRPMS/kdelibs2-2.0-6.src.rpm
20aa5f2327d8978700c22c8afce9df34  RPMS/kdelibs2-2.0-6.i386.rpm
cfd8744b1950a9c5f5cf4ecd7adc0f3b  RPMS/kdelibs2-devel-2.0-6.i386.rpm
c922e03e8f1024a134d2542e61afca22  RPMS/kdelibs2-devel-static-2.0-6.i386.rpm
d394c163bda790719881fc0defc3dca9  RPMS/kdelibs2-doc-2.0-6.i386.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following command (rpm -F only
freshens packages that are already installed, so packages you never
installed are skipped):
rpm -Fhv kde*2.0-6.i386.rpm
5. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera’s internal Problem Report
8718.
6. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.
7. Acknowledgements
Caldera Systems, Inc. wishes to thank Sebastian Krahmer (SuSE)
and Waldo Bastian (KDE) for their assistance.