===================================================================== CERT-Renater Note d'Information No. 2005/VULN531 _____________________________________________________________________ DATE : 05/09/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running KDE 3.2.0 to KDE 3.4.2. ====================================================================== Title ===== KDE - kcheckpass local root vulnerability Detail ====== KDE Security Advisory: kcheckpass local root vulnerability Original Release Date: 2008-09-05 URL: http://www.kde.org/info/security/advisory-20050905-1.txt 0. References CAN-2005-2494 1. Systems affected: All KDE releases starting from KDE 3.2.0 up to including KDE 3.4.2. 2. Overview: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. 3. Impact: A local user can escalate its privileges to the root user. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KDE 3.4.2 is available from ftp://ftp.kde.org/pub/kde/security_patches : 86f7d6fd68568dfd1edcae453958ba31 post-3.4.2-kdebase-kcheckpass.diff - ---------------------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================