
SuSE Security Announcement: kdesu

Date: Tue, 30 Jan 2001 15:16:08 +0100
From: Sebastian Krahmer krahmer@SUSE.DE
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: SuSE Security Announcement: kdesu


                        SuSE Security Announcement

        Package:                kdesu
        Announcement-ID:        SuSE-SA:2001:02
        Date:
        Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     local root compromise
        Severity (1-10):        3
        SuSE default package:   yes
        Other affected systems: All KDE 1 & KDE 2 systems

    Content of this advisory:
        1) security vulnerability resolved: kdesu
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade
information

kdesu is a KDE frontend for su(1). When invoked it prompts for
the root password and runs su(1). kdesu itself does not run
setuid/setgid.

However when enabling the ‘keep password’ option it tries to
send the password across process boundaries to kdesud via a UNIX
socket. During this it does not verify the identity of the listener
on the other end. This allows attackers to obtain the root
password.

This bug has been fixed in the update packages by checking the
ownership of the socket on the listener side.

Download the update package from the locations described below and
install the package with the command `rpm -Uhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command `rpm --checksig
--nogpg file.rpm', independently from the md5 signatures below.



2) Pending vulnerabilities in SuSE Distributions and
Workarounds:

- Kmail remote code execution. This issue will be addressed in
following advisories.

- pgp4pine buffer overflow. Very unlikely to be exploited, but
next advisories will contain information on this as well as URLs
for patches.


3) standard appendix:

SuSE runs two security mailing lists to which any interested
party may subscribe:

suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list. To
subscribe, send an email to suse-security-subscribe@suse.com.

suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list. To
subscribe, send an email to suse-security-announce-subscribe@suse.com.

For general information or the frequently asked questions (faq)
send mail to:
suse-security-info@suse.com
or
suse-security-faq@suse.com
respectively.


SuSE’s security contact is security@suse.com.


Regards,
Sebastian Krahmer
