Vulnerability Note VU#982616

KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password

Original Release date: 17 May 2001 | Last revised: 01 Aug 2001

Overview

kdesu is an interactive interface to the substitute user (su) command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users.

Description

kdesu communicates with su using a socket, implemented as a file in /tmp with a predictable name. Authenticating information for the effective user that the kdesu user wishes to become (often root) is placed in this file.

Impact

By using a symbolic link attack, an attacker may be able to capture usernames and passwords.

Solution

Apply vendor patches; see the Systems Affected section below.

Creating files in /tmp with appropriate names may block the symbolic link attack, but it may also prevent kdesu from operating properly, so it is not a robust fix.

Systems Affected

Vendor        Status    Date Notified  Date Updated
Caldera       Affected  -              17 May 2001
Conectiva     Affected  23 Jan 2001    17 May 2001
MandrakeSoft  Affected  30 Apr 2001    17 May 2001
RedHat        Affected  25 Apr 2001    7 May 2001
SuSE          Affected  23 Jan 2001    17 May 2001

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Initial information on this vulnerability came from a statement by Caldera Systems.

This document was last modified by Tim Shimeall.

Other Information

  • CVE IDs: CAN-2001-0178
  • Date Public: 23 Jan 2001
  • Date First Published: 17 May 2001
  • Date Last Updated: 01 Aug 2001
  • Severity Metric: 8.10
  • Document Revision: 11
