SecurityTracker.com
SecurityTracker
Archives
Category: Application (Generic) > KDE
Vendors: KDE.org
(Fedora Issues Fix) KDE dcopidlng Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1013531
SecurityTracker URL:  http://securitytracker.com/id/1013531
CVE Reference: CVE-2005-0365
Date:  Mar 23 2005
Impact:   Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.3.2 and prior versions
Description:   A vulnerability was reported in KDE in the dcopidlng script. A local user may be able to obtain elevated privileges.

The 'dcop/dcopidlng/dcopidlng' script creates temporary files with a predictable filename derived from the process ID. Because the name can be guessed in advance, a local user can place a symbolic link (symlink) at that temporary filename, pointing at a critical file on the system. When the affected script is then run, it follows the symlink and creates or overwrites the targeted file with the privileges of the user running the script.

This may allow the local user to gain elevated privileges.
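The flaw described above is the classic predictable-name temporary file problem: the name is computable from the PID, and a plain redirection follows whatever already sits at that path. The POSIX shell script below is an added example written for this page, not KDE's dcopidlng script or Fedora's patch. It puts the PID-based pattern next to the mktemp-based creation that closes the hole, adds a noclobber write as a defence-in-depth check for cases where a fixed name cannot be avoided, and includes a grep a reviewer can run over scripts to flag the pattern. The sandbox directory DEMO_DIR, all function names and the sample script content are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example for this page, not KDE's dcopidlng nor Fedora's patch.
# Contrasts the PID-based temporary name the advisory describes with a
# mktemp-based one, and adds a reviewer-side check for the pattern.
# DEMO_DIR, the function names and the sample script are assumptions.

# Sandbox directory so the demo never writes into the real /tmp.
DEMO_DIR="${DEMO_DIR:-$(mktemp -d)}"

# The weak pattern: a name derived only from the PID. Anyone can guess
# it ahead of time, and a plain '>' redirection follows whatever is
# already sitting at that path, symlink included.
unsafe_tmp_path() {
    echo "$DEMO_DIR/dcopidlng.$$"
}

# The fix: mktemp chooses an unpredictable name and creates the file
# atomically with O_CREAT|O_EXCL, so a pre-planted path cannot be used.
safe_tmp_create() {
    mktemp "$DEMO_DIR/dcopidlng.XXXXXXXX"
}

# Defence in depth when a fixed name cannot be avoided: with noclobber
# (set -C) the shell refuses to truncate an existing regular file and
# creates missing ones with O_EXCL. Returns non-zero if the path was
# already occupied. Caveat: a symlink to a non-regular file (a device
# node) is not refused, so this is a mitigation, not a replacement for
# mktemp.
write_noclobber() {
    path="$1"
    ( set -C; printf 'generated\n' > "$path" ) 2>/dev/null
}

# Static check for code review: flag temp names under /tmp built from
# the shell PID ($$). Prints matching lines with line numbers; exit
# status is 0 when at least one line matched.
flag_predictable_tmp() {
    grep -nE '/tmp/[^[:space:]]*\$\$' "$1"
}

# Stand-alone demonstration: show both names, then clean up the safe one.
demo() {
    f=$(safe_tmp_create)
    echo "predictable name would be: $(unsafe_tmp_path)"
    echo "mktemp created:            $f"
    rm -f "$f"
}
demo
```

The grep is deliberately narrow (only `/tmp/...$$` patterns) so it stays useful as a quick triage step in review; it will not catch fixed names such as `/tmp/foo.lock`, which carry the same risk and deserve the same mktemp treatment.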

Davide Madrisan reported this vulnerability.

Impact:   A local user may be able to cause files to be modified to obtain elevated privileges.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

c28ef6077f606f12a42cc9353b44dbfb SRPMS/kdelibs-3.3.1-2.9.FC3.src.rpm
27aa0f9c550e57fecd378e5e7c5aff97 x86_64/kdelibs-3.3.1-2.9.FC3.x86_64.rpm
f2801218b5ff4be23df191f5de57fa42 x86_64/kdelibs-devel-3.3.1-2.9.FC3.x86_64.rpm
add5d7c4324e4790ee84441237225e88 x86_64/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.x86_64.rpm
4ef5aaa433f4108d56110118c35e3f7f x86_64/kdelibs-3.3.1-2.9.FC3.i386.rpm
4ef5aaa433f4108d56110118c35e3f7f i386/kdelibs-3.3.1-2.9.FC3.i386.rpm
5aca755d133987148fb5885b08daad24 i386/kdelibs-devel-3.3.1-2.9.FC3.i386.rpm
f79bcea56792848db679d141f9bd903b i386/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.i386.rpm

Vendor URL: www.kde.org/
Cause:   Access control error, State error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Mar 23 2005 KDE dcopidlng Unsafe Temporary Files May Let Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: kdelibs-3.3.1-2.9.FC3


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-245
2005-03-23
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : kdelibs
Version     : 3.3.1
Release     : 2.9.FC3
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------

* Wed Mar 23 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.9.FC3

- Applied patch to fix konqueror international domain name spoofing,
  CAN-2005-0237, #147405
- get rid of broken AltiVec instructions on ppc

* Wed Mar  2 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.8.FC3

- Applied patch to fix DCOP DoS, CAN-2005-0396, #150092
  thanks KDE security team

* Wed Feb 16 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.7.FC3

- Applied patch to fix dcopidlng insecure temporary file usage,
  CAN-2005-0365, #148823


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

c28ef6077f606f12a42cc9353b44dbfb  SRPMS/kdelibs-3.3.1-2.9.FC3.src.rpm
27aa0f9c550e57fecd378e5e7c5aff97  x86_64/kdelibs-3.3.1-2.9.FC3.x86_64.rpm
f2801218b5ff4be23df191f5de57fa42  x86_64/kdelibs-devel-3.3.1-2.9.FC3.x86_64.rpm
add5d7c4324e4790ee84441237225e88  x86_64/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.x86_64.rpm
4ef5aaa433f4108d56110118c35e3f7f  x86_64/kdelibs-3.3.1-2.9.FC3.i386.rpm
4ef5aaa433f4108d56110118c35e3f7f  i386/kdelibs-3.3.1-2.9.FC3.i386.rpm
5aca755d133987148fb5885b08daad24  i386/kdelibs-devel-3.3.1-2.9.FC3.i386.rpm
f79bcea56792848db679d141f9bd903b  i386/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Copyright 2019, SecurityGlobal.net LLC