Bugtraq mailing list archives

MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability
From: Mandriva Security Team <security () mandriva com>
Date: Tue, 06 Sep 2005 21:48:15 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdebase
 Advisory ID:            MDKSA-2005:160
 Date:                   September 6th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Ilja van Sprundel from suresec.org notified the KDE security team about
 a serious lock file handling error in kcheckpass that can, in some 
 configurations, be used to gain root access.
 
 In order for an exploit to succeed, the directory /var/lock has to be 
 writeable for a user that is allowed to invoke kcheckpass.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
  http://www.kde.org/info/security/advisory-20050905-1.txt
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHmL/mqjQ0CJFipgRAqNuAKCuNsRQrtNvVyEJz2Sk9h3Zscuh1wCfWFbI
kNL0wKiOW06YZS+6Sq+YnrQ=
=8611
-----END PGP SIGNATURE-----
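
The advisory names one precondition: /var/lock must be writable by a user who is allowed to invoke kcheckpass. The following shell check is an added example, not part of the Mandriva advisory or of KDE's code. It reports who can create files in that directory, using the hypothetical function name `audit_lock_dir`, and it reads only the mode bits, so ACLs are an unchecked assumption.

```shell
#!/bin/sh
# Added example: audit the precondition named in MDKSA-2005:160.
# audit_lock_dir DIR prints one finding and returns:
#   0  only the owner can write to DIR
#   1  DIR is group-writable (members of that group can create files)
#   2  DIR is world-writable (any local user can create files)
#   3  DIR is missing or not a directory
audit_lock_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 3; }

    # -d lists the directory itself; -L follows a symlinked lock directory.
    # Only the mode, owner and group fields are kept.
    set -- $(ls -ldL -- "$dir" | awk '{print $1, $3, $4}')
    mode=$1 owner=$2 group=$3

    gw=$(printf '%s' "$mode" | cut -c6)       # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)       # other write bit
    sticky=$(printf '%s' "$mode" | cut -c10)  # t or T when the sticky bit is set

    case $sticky in
        t|T) note=" (sticky bit set)" ;;
        *)   note="" ;;
    esac

    if [ "$ow" = w ]; then
        echo "$dir: mode $mode, world-writable$note"
        return 2
    fi
    if [ "$gw" = w ]; then
        echo "$dir: mode $mode, writable by group $group$note"
        return 1
    fi
    echo "$dir: mode $mode, writable only by owner $owner"
    return 0
}

# Check the directory the advisory names.
audit_lock_dir /var/lock || echo "review /var/lock (status $?)"
```

A status of 1 or 2 means the precondition holds for some non-root users; whether those users can also invoke kcheckpass depends on the local installation.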

