linux security - Jun 2000 - [CSSA-2000-015-0] Caldera Security Advisory: KDE suid root applications

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		kdelibs vulnerability for setuid KDE applications
Advisory number: 	CSSA-2000-015.0
Issue date: 		2000 June, 02
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a very serious vulnerability in the way KDE starts
   applications that allows local users to take over any file in the
   system by exploiting setuid root KDE application.

   The only vulnerable application shipped with OpenLinux is kISDN,
   but third party software might be vulnerable too.

   There is currently no fix available.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        no vulnerable packages included

   OpenLinux eServer 2.3        no vulnerable packages included
   and OpenLinux eBuilder

   OpenLinux eDesktop 2.4	kISDN


3. Solution

   Workaround:

   If you do not need kISDN, deinstall it by issuing as root:

      rpm -e kisdn

   If you need kISDN on a multiuser workstation:

   Disable the suid-root sbit by doing as root:

      chmod u-s /opt/kde/bin/kisdn

   You can still use kisdn by issuing in a terminal window:
      $ su -p
      Password: <your root password>
      # kisdn &


   Also check your system for any other KDE application you have
   installed from third party sources and remove their suid bits
   as shown above.

4. OpenLinux Desktop 2.3

   no vulnerable packages included, but third party KDE applications might
   be vulnerable.

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   no vulnerable packages included, but third party KDE applications might
   be vulnerable.

6. OpenLinux eDesktop 2.4

   See the workaround above.

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix refers to Caldera''s internal Problem Report 6806.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

   Caldera Systems wishes to thank Sebastian "Stealth" Krahmer for
   discovering and reporting the bug.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5N5b+18sy83A/qfwRAmDfAKC8gAzQiJJc1sDCwM8IqYFFujR7JgCeO65q
kqD9K+pF1E5f0CtXg/e2bnk=kzOd
-----END PGP SIGNATURE-----