SuSE Security Announcement: Package: kmulti

SuSE Security Announcement: Package: kmulti <= 1.1.2

Written By
Web Webster
Web Webster
May 29, 2000

Date: Mon, 29 May 2000 18:12:58 +0200 (MEST)
From: Thomas Biege thomas@suse.de
To: suse-security-announce@suse.com
Subject: [suse-security-announce] SuSE Security Announcement:
kmulti


                        SuSE Security Announcement

        Package:  kmulti <= 1.1.2
        Date:     Mon May 29 17:44:28 MEST 2000

        Affected SuSE versions: 6.1-6.4
        Vulnerability Type:     local root compromise
        SuSE default package:   no
        Other affected systems: all unix systems using kdemultimedia and
                                setting kscd setgid disk

A security hole was discovered in the package mentioned above.
Please update it as soon as possible or disable the service if you
are using this software on your SuSE Linux installation(s).

Other Linux distributions or operating systems might be affected
as well, please contact your vendor for information about this
issue.

Please note that we provide this information on an “as-is” basis
only. There is no warranty whatsoever and no liability for any
direct, indirect or incidental damage arising from this information
or the installation of the update package.


1. Problem Description

The KDE CD player kscd is setgid disk to be able to access the
device file of the CDROM. To perform some action kscd calls the
unix command shell specified in the environment variable SHELL with
the privileges of group disk.

2. Impact

An adversary could set SHELL to his own program to get local
root access to the system by writing directly to the raw HDD
device.

3. Solution

Update the package from our FTP server.


Please verify these md5 checksums of the updates before
installing: (For SuSE 6.0, please use the 6.1 updates)

AXP:
817852e77080ecb444cb3ab9d0e6f52d

ftp://ftp.suse.com/pub/suse/axp/update/6.1/kde1/kmulti-1.1.2-141.alpha.rpm

bf3ea6a10793225d5468efa72efb13cb

ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/kmulti-1.1.2-141.src.rpm

8e1cc62cf437c43eca044562637d9ea3

ftp://ftp.suse.com/pub/suse/axp/update/6.3/kde1/kmulti-1.1.2-141.alpha.rpm

61dc0c2588a707ec9ba1c6be00aac58c

ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/kmulti-1.1.2-141.src.rpm

45e951b3b14435a1c1ab89d3e4e5df1d

ftp://ftp.suse.com/pub/suse/axp/update/6.4/kde1/kmulti-1.1.2-141.alpha.rpm

a70b356603227e1a0e49d0eeab934ad8

ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/kmulti-1.1.2-141.src.rpm

i386:
d4c6bc55edbb9aa4da76b2d9b186e6a9

ftp://ftp.suse.com/pub/suse/i386/update/6.1/kde1/kmulti-1.1.2-141.i386.rpm

9ac324e3a9bb1794280d8175f5762d5d

ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/kmulti-1.1.2-141.src.rpm

f8318113abdde6e2a9118db63d50a550

ftp://ftp.suse.com/pub/suse/i386/update/6.2/kde1/kmulti-1.1.2-141.i386.rpm

18d5fc80412db2dc70770d9b175180d9

ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/kmulti-1.1.2-141.src.rpm

43f1febe8dc5502132246b8ad977db54

ftp://ftp.suse.com/pub/suse/i386/update/6.3/kde1/kmulti-1.1.2-141.i386.rpm

bce686afd6186c9cb9816ccf95744040

ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/kmulti-1.1.2-141.src.rpm

4a14b88f9b6f80c8ffcf4b82750d7bfb

ftp://ftp.suse.com/pub/suse/i386/update/6.4/kde1/kmulti-1.1.2-140.i386.rpm

de787463851f38b69e576cf8de7d9309

ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/kmulti-1.1.2-140.src.rpm

PPC:
3de7429a24620ca2b7e61f799478e2b8

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/kde1/kmulti-1.1.2-141.ppc.rpm

444e9ffc4fbc643deb208c45bcb31725

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/kmulti-1.1.2-141.src.rpm


You can find updates on our ftp-Server:

ftp://ftp.suse.com/pub/suse/i386/update
for Intel processors
ftp://ftp.suse.com/pub/suse/axp/update
for Alpha processors

or try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html

Our webpage for patches:
http://www.suse.de/patches/index.html

Our webpage for security announcements:
http://www.suse.de/security

If you want to report vulnerabilities, please contact security@suse.de


SuSE has got two free security mailing list services to which
any interested party may subscribe:

suse-security@suse.com          - moderated and for general/linux/SuSE
                                  security discussions. All SuSE security
                                  announcements are sent to this list.

suse-security-announce@suse.com - SuSE's announce-only mailing list.
                                  Only SuSE's security annoucements are sent
                                  to this list.

To subscribe to the list, send a message to:
suse-security-subscribe@suse.com

To remove your address from the list, send a message to:
suse-security-unsubscribe@suse.com

Send mail to the following for info and FAQ for this list:
suse-security-info@suse.com

suse-security-faq@suse.com

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.