Full Disclosure mailing list archives

[ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm
From: security () mandriva com
Date: Thu, 15 Jun 2006 17:34:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:105
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdebase
 Date    : June 15, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A problem with how kdm manages the ~/.dmrc file was discovered by
 Ludwig Nussel.  By using a symlink attack, a local user could get kdm
 to read arbitrary files on the system, including privileged system
 files and those belonging to other users.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEkcIjmqjQ0CJFipgRArzBAJ9Mo70yiJi66DQdJzv8DrtsURPp7QCfd3tJ
iehgJbnn4Z83wR9MRrNl3GE=
=NX9g
-----END PGP SIGNATURE-----
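
The advisory does not show kdm's patch. The following is an added example, not Mandriva's or KDE's code: one common way for a privileged process to read a per-user file such as ~/.dmrc without being redirected by a symlink. The names open_user_file and demo are hypothetical, and the temporary files are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not kdm code: open a per-user file such as ~/.dmrc
 * from a privileged process. Returns a read-only fd, or -1 with errno set. */
int open_user_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the last component is a symlink.
     * O_NONBLOCK: do not block if a FIFO was planted at this path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Inspect the object that was opened (fstat on the fd, not stat on the
     * path), so it cannot be swapped between the check and the read. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == owner && st.st_nlink == 1)
        return fd;
    close(fd);
    errno = EPERM; /* wrong file type, wrong owner, or hard-linked */
    return -1;
}

/* Constructed demo: a regular file and a symlink standing in for ~/.dmrc.
 * Returns 1 if the regular file is accepted and the symlink is rejected. */
int demo(void)
{
    char dir[] = "/tmp/dmrc-demo-XXXXXX", real[64], secret[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/dmrc", dir);
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/dmrc-link", dir);
    int a = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int b = open(secret, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (a < 0 || b < 0 || symlink(secret, lnk) != 0) return -1;
    close(a); close(b);
    int ok = open_user_file(real, geteuid());
    int bad = open_user_file(lnk, geteuid());
    int bad_errno = errno;
    if (ok >= 0) close(ok);
    unlink(real); unlink(lnk); unlink(secret); rmdir(dir);
    return ok >= 0 && bad < 0 && bad_errno == ELOOP;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

O_NOFOLLOW protects only the final path component. A daemon can additionally switch to the user's uid before the read so that the kernel enforces that user's own file permissions.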
