KDE Buffer Overflow in 'fliccd' Yields Root Privileges to Local Users and May Let Remote Users Access the System
SecurityTracker Alert ID: 1013217
SecurityTracker URL: http://securitytracker.com/id?1013217
CVE Reference: CAN-2005-0011
Date: Feb 16 2005
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.3 - 3.3.2
Description: A buffer overflow vulnerability was reported in KDE in the 'fliccd' component of KDE-Edu, KStars, and INDI. A local user can obtain root privileges. A remote user may be able to gain access to the system.
A local user can trigger several stack-based buffer overflow vulnerabilities in fliccd to execute arbitrary code on the target system. The build system for the Instrument Neutral Distributed Interface (INDI) support installs fliccd with set user id (setuid) root privileges. As a result, a local user can gain root privileges.
If the fliccd daemon is actually running (which is not the default configuration) and is running as root, then a remote user can gain access to the target system with root privileges.
Erik Sjölund discovered this flaw.
The vendor was notified on January 7, 2005.
Impact: A local user can obtain root privileges on the target system.
A remote user may be able to gain access to the target system.
Solution: The vendor has issued a patch for 3.3.2 (2b9c8330bec2c0dc6669ccc40b24dd70 post-3.3.2-kdeedu-kstars.diff), available at:
ftp://ftp.kde.org/pub/kde/security_patches
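Until the patched kdeedu build is installed, the practical check on an affected host is whether a setuid-root fliccd is present at all, and whether the daemon is running. The script below is an added example written for this page; it is not code from the KDE advisory or from the INDI project. The tree root, the file names it creates for the self-check, and the pgrep-based process check are illustrative assumptions.

```sh
#!/bin/sh
# Added example, not code from the KDE advisory or the INDI project.
# Audits a filesystem tree for setuid copies of fliccd and clears the bit,
# which closes the local root-escalation path until a patched build is in
# place. The tree root, file names and the pgrep-based daemon check are
# illustrative assumptions.

# find_setuid_fliccd ROOT: print every regular file named fliccd below ROOT
# that carries the setuid bit (the condition the advisory warns about).
find_setuid_fliccd() {
    find "$1" -xdev -type f -name fliccd -perm -4000 2>/dev/null
}

# count_setuid_fliccd ROOT: number of such files, as a bare integer.
count_setuid_fliccd() {
    find_setuid_fliccd "$1" | wc -l | tr -d ' '
}

# strip_setuid FILE: clear setuid and setgid; succeed only if the setuid
# bit is really gone afterwards (a read-only mount would leave it set).
strip_setuid() {
    chmod u-s,g-s "$1" 2>/dev/null || return 1
    [ ! -u "$1" ]
}

# fliccd_running: 0 if a fliccd process exists. Remote exposure exists only
# when the daemon is actually running, which is not the default.
fliccd_running() {
    pgrep -x fliccd >/dev/null 2>&1
}

# Command-line use: sh fliccd_audit.sh audit [ROOT]   or   fix [ROOT]
case "${1:-}" in
    audit)
        find_setuid_fliccd "${2:-/}"
        fliccd_running && echo "warning: fliccd is running" ;;
    fix)
        find_setuid_fliccd "${2:-/}" | while read -r f; do
            strip_setuid "$f" && echo "cleared setuid on $f"
        done ;;
esac
```

Clearing the setuid bit only removes the local escalation; the overflows themselves remain until the patch is applied, so a fliccd that is deliberately run as root for remote INDI clients is still exposed.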
Vendor URL: www.kde.org/info/security/advisory-20050215-1.txt
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Wed, 16 Feb 2005 02:01:56 -0500
Subject: http://www.kde.org/info/security/advisory-20050215-1.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011
1. Systems affected:
KDE 3.3 up to and including KDE 3.3.2.
2. Overview:
KStars includes support for the Instrument Neutral Distributed
Interface (INDI). The build system of this extra 3rd party
software contained an installation hook to install fliccd (part
of INDI) as SUID root application.
Erik Sjölund discovered that the code contains several
vulnerabilities that allow stack based buffer overflows.
3. Impact:
If the fliccd binary is installed as suid root, it enables root
privilege escalation for local users, or, if the daemon is
actually running (which it does not by default) and is running
as root, remote root privilege escalation.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
A patch for 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
2b9c8330bec2c0dc6669ccc40b24dd70 post-3.3.2-kdeedu-kstars.diff
6. Time line and credits:
05/01/2005 Erik Sjölund notifies Debian Security.
07/01/2005 Martin Schulze from the Debian Security team
notifies KDE security team about the vulnerabilities.
09/01/2005 Dirk Mueller from KDE security team develops
a patch that addresses the discovered and similar
vulnerabilities. Contacting Jasem Mutlaq, the
author of INDI.
21/01/2005 Regressions are discovered with the patch and
subsequently fixed over the next few days.
15/02/2005 Coordinated public disclosure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCEpTIvsXr+iuy1UoRAjqIAJ4gRvZO0g5nZjsfa25LQzSLMna1eQCcCJAR
ZZTMQECYLAq8/wM0wjxW3aM=
=LR+u
-----END PGP SIGNATURE-----