SecurityTracker: KDE kcheckpass Lock File Bug May Let Local Users Grab Root Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > KDE

Vendors: KDE.org

KDE kcheckpass Lock File Bug May Let Local Users Grab Root Privileges

SecurityTracker Alert ID: 1014852

SecurityTracker URL: http://securitytracker.com/id/1014852

CVE Reference: CVE-2005-2494 (Links to External Site)

Updated: Aug 11 2006

Original Entry Date: Sep 5 2005

Impact: Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): KDE 3.2.0 up to including 3.4.2

Description: A vulnerability was reported in KDE kcheckpass. A local user can obtain root privileges.

If a local user has write access to the 'var/lock' directory and has permissions to invoke 'kcheckpass', then the local user may be able to exploit a lock file handling error to gain root access. Not all configurations are affected.

Ilja van Sprundel from suresec.org discovered this vulnerability.

Impact: A local user can gain root privileges on the target system.

Solution: The vendor has issued a patch for KDE 3.4.2, available at:

ftp://ftp.kde.org/pub/kde/security_patches

2065be8baea09c89416385ac5dd892a9 post-3.4.2-kdebase-kcheckpass.diff

Vendor URL: www.kde.org/info/security/advisory-20050905-1.txt (Links to External Site)

Cause: State error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

(Red Hat Issues Fix) KDE kcheckpass Lock File Bug May Let Local Users Grab Root Privileges (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enteprise Linux 4.

Source Message Contents

Date: Mon, 5 Sep 2005 15:47:31 -0400
Subject: KDE vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: kcheckpass local root vulnerability
Original Release Date: 2005-09-05
URL: http://www.kde.org/info/security/advisory-20050905-1.txt

0. References

        CAN-2005-2494

1. Systems affected:

        All KDE releases starting from KDE 3.2.0 up to including
        KDE 3.4.2.


2. Overview:

        Ilja van Sprundel from suresec.org notified the KDE
        security team about a serious lock file handling error
        in kcheckpass that can, in some configurations, be used
        to gain root access.

        In order for an exploit to succeed, the directory /var/lock
        has to be writeable for a user that is allowed to invoke
        kcheckpass. This is the case on some Linux distributions.


3. Impact:

        A local user can escalate its privileges to the root user.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.4.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        2065be8baea09c89416385ac5dd892a9 post-3.4.2-kdebase-kcheckpass.diff



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDHJwhvsXr+iuy1UoRAhrmAKCgq+TD9I1lzE1H3vR1f/X2VUoSugCdH3wm
GWK+f6AGiG2Eh7rC5JC7fdA=
=SCi3
-----END PGP SIGNATURE-----

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC