SecurityTracker.com Archives - KDE KIO Protocol Subsystem Bugs May Let Remote Users Execute Arbitrary Commands

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > KDE

Vendors: KDE.org

KDE KIO Protocol Subsystem Bugs May Let Remote Users Execute Arbitrary Commands

SecurityTracker Alert ID: 1005609

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 12 2002

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.1 - 3.0.4

Description: A vulnerability was reported in KDE's KIO subsystem in the rlogin and telnet protocol implementation. A remote user can cause arbitrary commands to be executed on the system.

It is reported that a remote user could create a specially crafted URL that, when loaded on a target user's browser (or other KIO-enabled application), would cause arbitrary commands to be executed with the privileges of the target user.

No further details were provided.

Impact: A remote user can cause arbitary commands to be executed on the target user's system.

Solution: The vendor has issued a fixed version (KDE kdelibs 3.0.5), available at:

http://download.kde.org/stable/3.0.5/src/kdelibs-3.0.5.tar.bz2

checksum: ff22bd58b91ac34e476c308d345421aa kdelibs-3.0.5.tar.bz2

Also, a patch is available for KDE 3.0.x from the KDE FTP server:

ftp://ftp.kde.org/pub/kde/security_patches /

checksum: 5625501819f09510d542142aea7b85ab post-3.0.4-kdelibs-kio-misc.diff

For affected KDE 2 systems, the vendor recommends disabling both the rlogin and telnet KIO protocols. To disable the rlogin protocol, delete any rlogin.protocol files on the system and restart the active KDE sessions. According to the vendor, the file is usually installed in [kdeprefix]/share/services/rlogin.protocol ([kdeprefix] is typically /opt/kde3 or /usr), but other copies may exist in other locations, such as in users' [kdehome]/share/services directory ([kdehome] is typically the .kde directory in a user's home directory).

The telnet protocol vulnerability can also be disabled using the same methods.

Vendor URL: www.kde.org/info/security/advisory-20021111-1.txt (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any)

Reported By: Andreas Pour <pour@mieterra.com>

Message History: None.

Source Message Contents

Date: Tue, 12 Nov 2002 06:26:48 -0600
From: Andreas Pour <pour@mieterra.com>
Subject: KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability

 

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO 
Vulnerability
Original Release Date: 2002-11-11
URL: http://www.kde.org/info/security/advisory-20021111-1.txt

0. References

        None.


1. Systems affected:

        All KDE 2 releases starting with KDE 2.1 and all KDE 3 releases
        (up to 3.0.4).

2. Overview:

        KDE provides support for various network protocols via the KIO
        subsystem.  These protocols are implemented with text files
        containing the extension .protocol, normally stored in the
        shared/services/ subdirectory under the KDE installation root.

        The implementation of the rlogin protocol in all of the affected
        systems, and the implementation of the telnet protocol in affected
        KDE 2 systems, allows a carefully crafted URL in an HTML page,
        HTML email or other KIO-enabled application to execute arbitrary
        commands on the system using the victim's account on the
        vulnerable machine.

3. Impact:

        The vulnerability potentially enables local or remote attackers
        to compromise a victim's account and execute arbitrary commands
        on the local system with the victim's privileges, such as erasing
        files, accessing data or installing trojans.

4. Solution:

        The vulnerability has been fixed in KDE 3.0.5 and a patch is
        available for KDE 3.0.4.  For affected KDE 3 systems, we recommend
        upgrading to KDE 3.0.5, applying the patch provided or disabling
        the rlogin protocol.

        For affected KDE 2 systems, we recommend disabling both the rlogin
        and telnet KIO protocols.

        The rlogin protocol vulnerability can be disabled by deleting
        any rlogin.protocol files on the system and restarting the active
        KDE sessions.  The file is usually installed in
        [kdeprefix]/share/services/rlogin.protocol ([kdeprefix] is typically
        /opt/kde3 or /usr), but copies may exist elsewhere, such as in
        users' [kdehome]/share/services directory ([kdehome] is typically
        the .kde directory in a user's home directory).

        The telnet protocol vulnerability can be similary disabled in
        affected KDE 2 systems.

        kdelibs-3.0.5 can be downloaded from
        http://download.kde.org/stable/3.0.5/src/kdelibs-3.0.5.tar.bz2 :

        ff22bd58b91ac34e476c308d345421aa  kdelibs-3.0.5.tar.bz2

        Some vendors are building binary packages of kdelibs-3.0.5.
        Please check your vendors website and the KDE 3.0.5 information page
        (http://ww.kde.org/info/3.0.5.html) periodically for availability.

5. Patch:

        Patches are available for KDE 3.0.x from the KDE FTP server
        (ftp://ftp.kde.org/pub/kde/security_patches/):

        5625501819f09510d542142aea7b85ab  post-3.0.4-kdelibs-kio-misc.diff

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC