Summary: <=kde-base/kdm-4.3.3 Local Privilege Escalation Vulnerability (CVE-2010-0436)
Product: Gentoo Security
Reporter: Samuli Suominen (RETIRED) <ssuominen>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Package list:
Runtime testing required: ---
Description Samuli Suominen (RETIRED) 2010-04-14 09:40:06 UTC
KDE Security Advisory: KDM Local Privilege Escalation Vulnerability
Original Release Date: 2010-04-13
URL: http://www.kde.org/info/security/advisory-20100413-1.txt

0. References
CVE-2010-0436

1. Systems affected:
KDM as shipped with KDE SC 2.2.0 up to including KDE SC 4.4.2

2. Overview:
KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login.
This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team.

3. Impact:
A local attacker with a valid local account can under certain circumstances make use of this vulnerability to execute arbitrary code as root.

4. Solution:
Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

5. Patch:
A patch for KDE 4.3.x-4.4.x is available from ftp://ftp.kde.org/pub/kde/security_patches :
68c1dfe76e80812e5e049bb599b3374e kdebase-workspace-4.3.5-CVE-2010-0436.diff

http://www.kde.org/info/security/advisory-20100413-1.txt
ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
Comment 1 Tobias Heinlein (RETIRED) 2010-04-14 13:07:18 UTC
Thanks, Samuli. KDE, please provide a patched ebuild ASAP.
Comment 2 Maciej Mrozowski 2010-04-14 18:31:32 UTC
Fixed in kdm-4.3.5-r1, kdm-4.4.2-r2
Comment 3 Samuli Suominen (RETIRED) 2010-04-14 18:43:14 UTC
(In reply to comment #2)
> Fixed in kdm-4.3.5-r1, kdm-4.4.2-r2

Note that HPPA refused to stabilize 4.3.5, so you "need" to maintain also 4.3.3 wrt http://bugs.gentoo.org/show_bug.cgi?id=300393#c7
Comment 4 Alex Legler (RETIRED) 2010-04-22 17:25:15 UTC
CVE-2010-0436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436): Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
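The advisory and the NVD text above describe the vulnerable pattern: a privileged daemon creates a control-socket directory and adjusts permissions by path, so an attacker who controls what sits at that path during the window can have the permission change land on an unrelated file. The following is an added example, not KDM's or Gentoo's code and not a reproduction of the KDM flaw, showing the hardened pattern for this class: create the directory, open it with O_NOFOLLOW | O_DIRECTORY, validate ownership and mode on the descriptor, and chmod through the descriptor rather than the path. The helper names (`secure_socket_dir`, `demo_secure_socket_dir`) and the scratch paths under /tmp are assumptions constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not KDM code): create or adopt the directory `dir`
 * that will hold a control socket and return an open directory fd.
 * Every check runs on the fd, never on the path, so a symlink or rename
 * swapped in between check and use cannot redirect the chmod elsewhere. */
int secure_socket_dir(const char *dir, uid_t owner)
{
    /* Creation is the normal case; an existing entry is examined below. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;

    /* O_NOFOLLOW rejects a symlink at `dir`, O_DIRECTORY rejects a planted
     * regular file or socket; both fail before anything is modified. */
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0
        || !S_ISDIR(st.st_mode)
        || st.st_uid != owner                      /* someone else's directory */
        || (st.st_mode & (S_IWGRP | S_IWOTH))) {   /* group/world-writable: fail closed */
        close(fd);
        return -1;
    }

    /* Tighten permissions through the descriptor we just validated. */
    if (fchmod(fd, 0700) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo on constructed scratch paths: (a) the honest case succeeds, (b) a
 * symlink left where the directory should be is refused and the file it
 * points at keeps its original 0600 mode. Returns 1 when both hold. */
int demo_secure_socket_dir(void)
{
    char base[64], sockdir[96], victim[96];
    snprintf(base, sizeof base, "/tmp/ctrl-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0) {
        /* fall back to the working directory if /tmp is unavailable */
        snprintf(base, sizeof base, "./ctrl-demo-%ld", (long)getpid());
        if (mkdir(base, 0700) != 0)
            return 0;
    }
    snprintf(sockdir, sizeof sockdir, "%s/dmctl", base);
    snprintf(victim, sizeof victim, "%s/unrelated-file", base);

    int ok = 1;

    /* (a) honest case: nothing at the path yet, directory gets created */
    int fd = secure_socket_dir(sockdir, getuid());
    if (fd < 0) ok = 0; else close(fd);
    rmdir(sockdir);

    /* (b) hostile case: the entry is now a symlink to an unrelated 0600 file;
     * mkdir() sees EEXIST and open(O_NOFOLLOW) refuses the link */
    int vf = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vf < 0) ok = 0; else close(vf);
    if (symlink(victim, sockdir) != 0) ok = 0;
    if (secure_socket_dir(sockdir, getuid()) >= 0) ok = 0;

    struct stat st;
    if (stat(victim, &st) != 0 || (st.st_mode & 0777) != 0600) ok = 0;

    unlink(sockdir);
    unlink(victim);
    rmdir(base);
    return ok;
}

int main(void)
{
    printf("demo %s\n", demo_secure_socket_dir() ? "passed" : "failed");
    return 0;
}
```

The key design choice is that the permission change is applied to a descriptor obtained with O_NOFOLLOW | O_DIRECTORY and verified with fstat(); a path-based chmod() after a separate stat() is exactly the check-then-use gap a race exploits. Rejecting a pre-existing directory with the wrong owner or group/world-write bits, rather than "repairing" it, keeps the routine fail-closed.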
Comment 5 Samuli Suominen (RETIRED) 2010-05-22 20:32:21 UTC
@security:
was there any reason we have been waiting for over a month now for someone to CC arches for kdm-4.3.5-r1 stabilization?

@kde:
are you still maintaining 4.3.3? we could use 4.3.3-r1 for hppa since they don't do newer versions and it's a security supported arch (or is it?)
Comment 6 Samuli Suominen (RETIRED) 2010-05-29 11:40:53 UTC
Comment 7 Tobias Heinlein (RETIRED) 2010-05-29 12:17:51 UTC
(In reply to comment #5)
> @security:
> was there any reason we have been waiting for over a month now for someone to
> CC arches for kdm-4.3.5-r1 stabilization?

No, sorry. Most of the team is inactive.

> @kde:
> are you still maintaining 4.3.3? we could use 4.3.3-r1 for hppa since they
> don't do newer versions and it's a security supported arch (or is it?)

It is. KDE, what's your take on this?
Comment 8 Tobias Heinlein (RETIRED) 2010-05-29 12:19:18 UTC
Arches, please test and mark stable: =kde-base/kdm-4.3.5-r1
Target keywords : "amd64 hppa ppc ppc64 x86"
Comment 9 Paweł Hajdan, Jr. (RETIRED) 2010-05-29 16:21:31 UTC
Comment 10 Markus Meier 2010-05-31 19:54:13 UTC
Comment 11 Joe Jezak (RETIRED) 2010-05-31 20:28:55 UTC
Marked ppc/ppc64 stable.
Comment 12 Joe Jezak (RETIRED) 2010-05-31 20:31:17 UTC
Whoops, only marked ppc, not ppc64, sorry for the noise.
Comment 13 Andreas K. Hüttel 2010-06-06 17:35:44 UTC
Fixed in 4.4.4
Comment 14 Matthias Geerdsen (RETIRED) 2010-06-13 19:35:59 UTC
ppc64, please test and mark stable as soon as possible: =kde-base/kdm-4.3.5-r1

KDE, please comment on comment #7 and at best provide a 4.3.3-r1 with the patch if possible
Comment 15 Samuli Suominen (RETIRED) 2010-06-21 14:27:39 UTC
kdm-4.3.3 removed from tree
Comment 16 Samuli Suominen (RETIRED) 2010-06-21 16:05:36 UTC
ready for glsa, I guess it should mention that hppa and ppc64 users should "emerge -C kdm"
Comment 17 Stefan Behte (RETIRED) 2010-08-01 12:26:22 UTC
glsa request filed.
Comment 18 Theo Chatzimichos (RETIRED) 2010-12-30 19:10:39 UTC
CC us back if you need us again
Comment 19 Sean Amoss (RETIRED) 2014-12-12 00:31:01 UTC
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).