SecurityTracker.com
Category:   Application (Generic)  >   KDE Display Manager (KDM)
Vendors:   KDE.org
(Gentoo Issues Fix) Re: KDE Display Manager pam_setcred() Failure May Grant Root Access to Remote Authenticated Users
SecurityTracker Alert ID:  1008267
SecurityTracker URL:  http://securitytracker.com/id/1008267
CVE Reference:   CAN-2003-0690, CAN-2003-0692
Updated:  Dec 7 2003
Original Entry Date:  Nov 21 2003
Impact:   Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.1.3 and prior versions
Description:   Two vulnerabilities were reported in the KDE Display Manager (KDM). A remote authenticated user may be able to gain root access on the system. A remote user may be able to brute-force guess session cookies.

It is reported that with a certain configuration of the MIT pam_krb5 module, a pam_setcred() call may fail while leaving the session alive when a remote authenticated user connects, thereby granting root access to the remote authenticated user (CVE: CAN-2003-0690).

It is also reported that KDM uses a weak session cookie algorithm that does not fully use the available 128 bits of entropy (CVE: CAN-2003-0692). As a result, a remote user may be able to brute-force guess the session cookie.
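
The fix direction named in the Gentoo advisory quoted further down (KDE 3.1.4 draws cookie material from /dev/urandom) is illustrated here as an added example; it is not KDM's code, and the names read_urandom and make_session_cookie are hypothetical. It fills all 128 bits from the kernel source and refuses to produce a cookie if that source cannot be read in full.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define COOKIE_BYTES 16 /* 128 bits, the cookie size the advisory refers to */

/* Fill buf with len bytes from /dev/urandom. Returns 0 on success, -1 on any
 * failure. No fallback to time(), getpid() or rand(): fail closed instead. */
static int read_urandom(unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;          /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                  /* interrupted by a signal: retry */
        else
            break;                     /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Hypothetical helper: writes 32 hex characters plus NUL into out.
 * Returns 0 on success; on failure returns -1 and leaves out empty. */
int make_session_cookie(char *out, size_t outlen)
{
    unsigned char raw[COOKIE_BYTES];
    if (outlen < 2 * COOKIE_BYTES + 1 || read_urandom(raw, sizeof raw) != 0) {
        if (outlen > 0) out[0] = '\0';
        return -1;
    }
    for (size_t i = 0; i < COOKIE_BYTES; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

int main(void)
{
    char cookie[2 * COOKIE_BYTES + 1];
    if (make_session_cookie(cookie, sizeof cookie) != 0)
        return 1; /* no entropy source: refuse to start the session */
    printf("generated %zu-character cookie\n", sizeof cookie - 1);
    return 0;
}
```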

The following notification timeline is provided:

12/06/2002 Posting on suse-security mailing list describing the PAM vulnerability.
08/06/2003 Notification of KDE Security and the KDM maintainer about the PAM vulnerability by Stephan Kulow.
08/09/2003 Patches for the PAM vulnerability applied to KDE CVS.
08/20/2003 George Lebl notifies Oswald Buddenhagen about weak session cookie generation in KDM.
08/26/2003 Impact analysis and advisory finished.
09/04/2003 Patches for the weak cookie vulnerability applied to CVS.
09/16/2003 Public advisory.

Impact:   A remote authenticated user can gain "excessive" privileges, potentially including root privileges on the system.

A remote user may be able to brute-force guess the session cookie to gain access to a target user's session.

Solution:   Gentoo has issued a fix and recommends that users perform an 'emerge --sync' and upgrade the package to the latest available version. KDE 3.1.4 is recommended and should be marked stable for most architectures, according to Gentoo.

Gentoo provided the following specific steps to upgrade:

emerge --sync
emerge '>=kde-base/kde-3.1.4'
emerge clean

Vendor URL:  www.kde.org/info/security/advisory-20030916-1.txt
Cause:   Authentication error, Exception handling error, Randomization error, State error
Underlying OS:   Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 16 2003 KDE Display Manager pam_setcred() Failure May Grant Root Access to Remote Authenticated Users



 Source Message Contents

Date:  Thu, 20 Nov 2003 02:41:41 -0500
Subject:  [gentoo-announce] GLSA: kdebase (200311-01)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-01
- ---------------------------------------------------------------------------

GLSA:        200311-01
package:     kde-base/kdebase
summary:     KDM vulnerabilities
severity:    normal
Gentoo bug:  29406
date:        2003-11-15
CVE:         CAN-2003-0690 CAN-2003-0692
exploit:     local / remote
affected:    <=3.1.3
fixed:       >=3.1.4

DESCRIPTION:

Firstly, versions of KDM <= 3.1.3 are vulnerable to a privilege escalation
bug with a specific configuration of PAM modules. Users who do not use PAM
with KDM and users who use PAM with regular Unix crypt/MD5 based
authentication methods are not affected.

Secondly, KDM uses a weak cookie generation algorithm. It is advised that
users upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable
source of entropy to improve security.

Please look at http://www.kde.org/info/security/advisory-20030916-1.txt for
the KDE Security Advisory and source patch locations for older versions of
KDE.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to
the latest available version. KDE 3.1.4 is recommended and should be marked
stable for most architectures. Specific steps to upgrade:

emerge --sync
emerge '>=kde-base/kde-3.1.4'
emerge clean

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vG2Wnt0v0zAqOHYRAr5xAKCedNRDPeH8sbW3EyX6OOSHJOL6VQCgr0ul
fnlFstGhIw3hMdoQIp07/SI=
=QD6a
-----END PGP SIGNATURE-----


Copyright 2013, SecurityGlobal.net LLC