Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 315235 (CVE-2010-0436) - <=kde-base/kdm-4.3.3 Local Privilege Escalation Vulnerability (CVE-2010-0436)
Summary: <=kde-base/kdm-4.3.3 Local Privilege Escalation Vulnerability (CVE-2010-0436)
Status: RESOLVED FIXED
Alias: CVE-2010-0436
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-14 09:40 UTC by Samuli Suominen
Modified: 2014-12-12 00:31 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Samuli Suominen gentoo-dev 2010-04-14 09:40:06 UTC
KDE Security Advisory: KDM Local Privilege Escalation Vulnerability
Original Release Date: 2010-04-13
URL: http://www.kde.org/info/security/advisory-20100413-1.txt

0. References
	CVE-2010-0436

1. Systems affected:

	KDM as shipped with KDE SC 2.2.0 up to including KDE SC 4.4.2

2. Overview:

	KDM contains a race condition that allows local attackers to
	make arbitrary files on the system world-writeable. This can
	happen while KDM tries to create its control socket during
	user login. This vulnerability has been discovered by
	Sebastian Krahmer from the SUSE Security Team.

3. Impact:

	A local attacker with a valid local account can under
	certain circumstances make use of this vulnerability to
	execute arbitrary code as root.

4. Solution:

	Source code patches have been made available which fix these
	vulnerabilities. Contact your OS vendor / binary package provider
	for information about how to obtain updated binary packages.

5. Patch:

	A patch for KDE 4.3.x-4.4.x is available from
	ftp://ftp.kde.org/pub/kde/security_patches :

	68c1dfe76e80812e5e049bb599b3374e  kdebase-workspace-4.3.5-CVE-2010-0436.diff


http://www.kde.org/info/security/advisory-20100413-1.txt

ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-04-14 13:07:18 UTC
Thanks, Samuli.

KDE, please provide a patched ebuild ASAP.
Comment 2 Maciej Mrozowski gentoo-dev 2010-04-14 18:31:32 UTC
Fixed in kdm-4.3.5-r1, kdm-4.4.2-r2
Comment 3 Samuli Suominen gentoo-dev 2010-04-14 18:43:14 UTC
(In reply to comment #2)
> Fixed in kdm-4.3.5-r1, kdm-4.4.2-r2
> 

Note that HPPA refused to stabilize 4.3.5, so you ""need"" to maintain also 4.3.3 wrt http://bugs.gentoo.org/show_bug.cgi?id=300393#c7
Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-04-22 17:25:15 UTC
CVE-2010-0436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436):
  Race condition in backend/ctrl.c in KDM in KDE Software Compilation
  (SC) 2.2.0 through 4.4.2 allows local users to change the permissions
  of arbitrary files, and consequently gain privileges, by blocking the
  removal of a certain directory that contains a control socket,
  related to improper interaction with ksm.

Comment 5 Samuli Suominen gentoo-dev 2010-05-22 20:32:21 UTC
@security: 
was there any reason we have been waiting for a over month now for someone to CC arch's for kdm-4.3.5-r1 stabilization?

@kde:
are you still maintaining 4.3.3? we could use 4.3.3-r1 for hppa since they don't do newer versions and it's security supported arch (or is it?)
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-29 12:17:51 UTC
(In reply to comment #5)
> @security: 
> was there any reason we have been waiting for a over month now for someone to
> CC arch's for kdm-4.3.5-r1 stabilization?

No, sorry. Most of the team is inactive.

> @kde:
> are you still maintaining 4.3.3? we could use 4.3.3-r1 for hppa since they
> don't do newer versions and it's security supported arch (or is it?)
> 

It is. KDE, what's your take on this?
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-29 12:19:18 UTC
Arches, please test and mark stable:
=kde-base/kdm-4.3.5-r1
Target keywords : "amd64 hppa ppc ppc64 x86"
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-05-29 16:21:31 UTC
x86 stable
Comment 10 Markus Meier gentoo-dev 2010-05-31 19:54:13 UTC
amd64 stable
Comment 11 Joe Jezak (RETIRED) gentoo-dev 2010-05-31 20:28:55 UTC
Marked ppc/ppc64 stable.
Comment 12 Joe Jezak (RETIRED) gentoo-dev 2010-05-31 20:31:17 UTC
Whoops, only marked ppc, not ppc64, sorry for the noise.
Comment 13 Andreas K. Hüttel gentoo-dev 2010-06-06 17:35:44 UTC
Fixed in 4.4.4
Comment 14 Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-13 19:35:59 UTC
ppc64, please test and mark stable as soon as possible:
=kde-base/kdm-4.3.5-r1

KDE, please comment on comment #7 and at best provide a 4.3.3-r1 with the patch if possible
Comment 15 Samuli Suominen gentoo-dev 2010-06-21 14:27:39 UTC
kdm-4.3.3 removed from tree
Comment 16 Samuli Suominen gentoo-dev 2010-06-21 16:05:36 UTC
ready for glsa, I guess it should mention that hppa and ppc64 users should "emerge -C kdm"
Comment 17 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:26:22 UTC
glsa request filed.
Comment 18 Theo Chatzimichos (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-12-30 19:10:39 UTC
CC us back if you need us again
Comment 19 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:31:01 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).