[UNIX] KDM Symlink Attack File Permissions Bypass
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 15 Jun 2006 11:37:23 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
KDM Symlink Attack File Permissions Bypass
------------------------------------------------------------------------
SUMMARY
KDM allows the user to select the session type for login. This setting is
permanently stored in the user home directory. By using a symlink attack,
KDM can be tricked into allowing the user to read file content that would
otherwise be unreadable to a user.
DETAILS
Vulnerable Systems:
* KDE version 3.2.0 and above
* KDE version 3.5.3 and prior
By using a symlink attack on the user settings configuration file stored
in the user's home directory, attackers can read any file on the system,
even one that is not readable by the user, such as /etc/shadow,
/etc/sudoers, etc.
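A defensive sketch of the pattern this advisory concerns, added here as an illustration and not taken from KDM or from the KDE patch: a privileged process opening a settings file in a user's home directory while refusing symlinks. The function name, the file names and the temporary-directory self-check are constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a per-user settings file from a privileged process without following
 * a symlink planted by that user. Returns an fd, or -1 if rejected. */
int open_user_settings(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink.
     * O_NONBLOCK: do not hang if a FIFO was planted instead of a file. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object checked is the
     * object read; require a regular file owned by the expected user. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: a regular file and a symlink to it in a temp dir.
 * Returns 0 when the regular file is accepted and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/kdmdemoXXXXXX", file[64], link[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/settings", dir);
    snprintf(link, sizeof link, "%s/settings.lnk", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "constructed\n", 12) != 12) return -1;
    close(fd);
    if (symlink(file, link) != 0) return -1;
    int ok = open_user_settings(file, getuid());
    int bad = open_user_settings(link, getuid());
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(link); unlink(file); rmdir(dir);
    return (ok >= 0 && bad < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

O_NOFOLLOW only covers the last path component, so the directories leading to the file must not be writable by the user either. Another option is to switch to the user's effective uid before opening the file, so that the kernel's own permission check applies.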
Vendor Status:
The vendor has issued a patch:
A patch for KDE 3.4.0 - KDE 3.5.3 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
9daecff07d57dabba35da247e752916a post-3.5.0-kdebase-kdm.diff
A patch for KDE 3.3.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
f2e1424d97f2cd18674bef833274c5e3 post-3.3.0-kdebase-kdm.diff
A patch for KDE 3.2.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
8aa6b41cccca4216c6eb1cf705c2370a post-3.2.0-kdebase-kdm.diff
CVE Information:
CVE-2006-2449
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449>
ADDITIONAL INFORMATION
The information has been provided by Dirk Mueller
<mailto:mueller@xxxxxxx>.
The original article can be found at:
http://www.kde.org/info/security/advisory-20060614-1.txt