[Full-Disclosure] MDKSA-2003:091 - Updated kdebase packages fix vulnerabilities in KDM

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 09/17/03

    To: full-disclosure@lists.netsys.com
    Date: 17 Sep 2003 07:27:19 -0000
    
    


    ________________________________________________________________________

                    Mandrake Linux Security Update Advisory
    ________________________________________________________________________

    Package name: kdebase
    Advisory ID: MDKSA-2003:091
    Date: September 16th, 2003

    Affected versions: 9.0, 9.1, Corporate Server 2.1
    ________________________________________________________________________

    Problem Description:

     A vulnerability was discovered in all versions of KDE from 2.2.0 up to
     and including 3.1.3. KDM does not check for successful completion of the
     pam_setcred() call and in the case of error conditions in the installed
     PAM modules, KDM may grant local root access to any user with valid
     login credentials. It has been reported to the KDE team that a certain
     configuration of the MIT pam_krb5 module can result in a failing
     pam_setcred() call which leaves the session alive and would provide root
     access to any regular user. It is also possible that this vulnerability
     can likewise be exploited with other PAM modules in a similar manner.
     
     Another vulnerability was discovered in kdm where the session cookie
     generation algorithm was considered too weak to supply a full 128 bits
     of entropy. This allowed unauthorized users to brute-force the session
     cookie.
     
     mdkkdm, a specialized version of kdm, is likewise vulnerable to these
     problems and has been patched as well.
    ________________________________________________________________________

    References:
      
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692
      http://www.kde.org/info/security/advisory-20030916-1.txt
      http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
    ________________________________________________________________________

    Updated Packages:
      
     Corporate Server 2.1:
     b16612d8f4e68781cecaf9d32e12c50c corporate/2.1/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
     a80f6c8029c536d59f92fcf7bcf1abd5 corporate/2.1/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
     ae02c014e1994c25a1ee23a7eee8095c corporate/2.1/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
     f9ebdbc69440ca1d11fcd5653f8173d6 corporate/2.1/SRPMS/kdebase-3.0.5a-1.4mdk.src.rpm

     Corporate Server 2.1/x86_64:
     cf6fbbfee865b54584632655fa019ee3 x86_64/corporate/2.1/RPMS/kdebase-3.0.5-2.2mdk.x86_64.rpm
     08867a45c5be3c48bbd4c93ced0b6ebb x86_64/corporate/2.1/RPMS/kdebase-devel-3.0.5-2.2mdk.x86_64.rpm
     cf53476849eb402be28d6a52ac86a218 x86_64/corporate/2.1/RPMS/kdebase-nsplugins-3.0.5-2.2mdk.x86_64.rpm
     a1ee293f258c76a720310183f0c4dda4 x86_64/corporate/2.1/SRPMS/kdebase-3.0.5-2.2mdk.src.rpm

     Mandrake Linux 9.0:
     b16612d8f4e68781cecaf9d32e12c50c 9.0/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
     a80f6c8029c536d59f92fcf7bcf1abd5 9.0/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
     ae02c014e1994c25a1ee23a7eee8095c 9.0/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
     f9ebdbc69440ca1d11fcd5653f8173d6 9.0/SRPMS/kdebase-3.0.5a-1.4mdk.src.rpm

     Mandrake Linux 9.1:
     06423402c174ef11a64bd0ed44c4a624 9.1/RPMS/kdebase-3.1-83.5mdk.i586.rpm
     bfa3c991495ec60d87858cd1563353ab 9.1/RPMS/kdebase-devel-3.1-83.5mdk.i586.rpm
     cfef59c2e6d2c0faf7469ab2d036e091 9.1/RPMS/kdebase-kdm-3.1-83.5mdk.i586.rpm
     ab122d6e7931a96d239e0aa6db401ffa 9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.i586.rpm
     dbcedf83b6ed92afb8d30bdf54ec38d5 9.1/RPMS/mdkkdm-9.1-24.2mdk.i586.rpm
     dc8f0c5f34088514900266eeaeff63bb 9.1/SRPMS/kdebase-3.1-83.5mdk.src.rpm
     d5c82813906df0100a099e10a030672b 9.1/SRPMS/mdkkdm-9.1-24.2mdk.src.rpm

     Mandrake Linux 9.1/PPC:
     a34824fd162a8ce79258c4db2f2c2d56 ppc/9.1/RPMS/kdebase-3.1-83.5mdk.ppc.rpm
     2f3bb4c00a78faa0792dd0353b6e09f2 ppc/9.1/RPMS/kdebase-devel-3.1-83.5mdk.ppc.rpm
     818e187fcc9328683fd8e33044c43a78 ppc/9.1/RPMS/kdebase-kdm-3.1-83.5mdk.ppc.rpm
     63a508bdfc7040697fd200c9f580204b ppc/9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.ppc.rpm
     499cd7d3f1e4cc7b1276c0f9eed1c0cf ppc/9.1/RPMS/mdkkdm-9.1-24.2mdk.ppc.rpm
     dc8f0c5f34088514900266eeaeff63bb ppc/9.1/SRPMS/kdebase-3.1-83.5mdk.src.rpm
     d5c82813906df0100a099e10a030672b ppc/9.1/SRPMS/mdkkdm-9.1-24.2mdk.src.rpm
    ________________________________________________________________________

    Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
    ________________________________________________________________________

    To upgrade automatically, use MandrakeUpdate or urpmi. The verification
    of md5 checksums and GPG signatures is performed automatically for you.

    A list of FTP mirrors can be obtained from:

      http://www.mandrakesecure.net/en/ftp.php

    All packages are signed by MandrakeSoft for security. You can obtain
    the GPG public key of the Mandrake Linux Security Team by executing:

      gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

    Please be aware that sometimes it takes the mirrors a few hours to
    update.

    You can view other update advisories for Mandrake Linux at:

      http://www.mandrakesecure.net/en/advisories/

    MandrakeSoft has several security-related mailing list services that
    anyone can subscribe to. Information on these lists can be obtained by
    visiting:

      http://www.mandrakesecure.net/en/mlist.php

    If you want to report vulnerabilities, please contact

      security_at_linux-mandrake.com

    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security_at_linux-mandrake.com>

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
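
The unchecked pam_setcred() result described in the advisory, as an added example that is not part of the advisory and is not KDM's code. It models the login sequence with stand-in function pointers so it builds without libpam; `step_fn`, `struct login`, `run_login` and the `STEP_*` codes are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-ins for PAM result codes; real code compares the
 * return of pam_setcred() against PAM_SUCCESS. */
enum { STEP_OK = 0, STEP_ERR = 1 };

typedef int (*step_fn)(void);      /* models one PAM library call */

struct login {
    step_fn authenticate;          /* models pam_authenticate() */
    step_fn setcred;               /* models pam_setcred() */
    int session_started;           /* 1 once the user session is launched */
};

static int step_ok(void)  { return STEP_OK; }
static int step_err(void) { return STEP_ERR; }   /* module error condition */

/* Pattern the advisory describes: the setcred result is discarded. */
int login_unchecked(struct login *l)
{
    if (l->authenticate() != STEP_OK)
        return -1;
    (void)l->setcred();            /* a failure here goes unnoticed */
    l->session_started = 1;
    return 0;
}

/* Fail-closed pattern: anything other than success aborts the login. */
int login_checked(struct login *l)
{
    if (l->authenticate() != STEP_OK || l->setcred() != STEP_OK)
        return -1;                 /* real code would also tear down PAM */
    l->session_started = 1;
    return 0;
}

/* Hypothetical driver: returns 1 if a session was started, else 0. */
int run_login(int checked, int setcred_fails)
{
    struct login l = { step_ok, setcred_fails ? step_err : step_ok, 0 };
    if (checked) login_checked(&l); else login_unchecked(&l);
    return l.session_started;
}

int main(void)
{
    printf("unchecked, setcred error: started=%d\n", run_login(0, 1));
    printf("checked,   setcred error: started=%d\n", run_login(1, 1));
    return 0;
}
```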
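
For the session cookie issue, an added example (not from the advisory or from the kdm patch) of producing a 128-bit cookie from the kernel random source and refusing to continue if that fails. It assumes a system that provides /dev/urandom; the function names are hypothetical, and the constant-time comparison goes beyond what the advisory mentions.

```c
#include <stdio.h>
#include <string.h>

#define COOKIE_LEN 16   /* 16 bytes = 128 bits */

/* Fill out[] from the kernel CSPRNG. Returns 0 on success; on failure zeroes
 * out[] and returns -1 so the caller refuses to start the session. */
int make_cookie(unsigned char out[COOKIE_LEN])
{
    size_t got = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        setvbuf(f, NULL, _IONBF, 0);   /* do not read ahead */
        got = fread(out, 1, COOKIE_LEN, f);
        fclose(f);
    }
    if (got != COOKIE_LEN) {
        memset(out, 0, COOKIE_LEN);
        return -1;
    }
    return 0;
}

/* Compare without an early exit so timing does not reveal how many
 * leading bytes of a presented cookie were correct. Returns 1 on match. */
int cookie_matches(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < COOKIE_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 if two fresh cookies differ, 0 if equal, -1 on RNG failure. */
int two_cookies_differ(void)
{
    unsigned char c1[COOKIE_LEN], c2[COOKIE_LEN];
    if (make_cookie(c1) != 0 || make_cookie(c2) != 0)
        return -1;
    return !cookie_matches(c1, c2);
}

int main(void)
{
    unsigned char c[COOKIE_LEN];
    if (make_cookie(c) != 0) return 1;
    for (size_t i = 0; i < COOKIE_LEN; i++) printf("%02x", c[i]);
    putchar('\n');
    return 0;
}
```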

