Vulnerability Note VU#982616
KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password
kdesu is an interactive interface to the substitute user (su) command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users.
kdesu communicates with su through a socket, implemented as a file in /tmp with a predictable name. Authentication information for the effective user that the kdesu user wishes to become (often root) is placed in this file.
By using a symbolic link attack, an attacker may be able to capture usernames and passwords.
Apply vendor patches; see the Systems Affected section below.
Creating files in /tmp with the appropriate names may block the symbolic link attack, but it may also prevent kdesu from operating properly, so it is not a robust fix.
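The following added example is not from this note or from the vendor patches. It sketches the general defensive pattern for the weakness described above: the listener is created inside a randomly named, owner-only directory, and the client checks the path with lstat() before sending any secret. The function names, the directory template and the socket name "sock" are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 0 if path is a real directory (not a symlink) owned by uid with no
 * group/other access, so no other local user can plant entries in it. */
int is_private_dir(const char *path, uid_t uid) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;     /* lstat does not follow links */
    return (S_ISDIR(st.st_mode) && st.st_uid == uid &&
            (st.st_mode & 077) == 0) ? 0 : -1;
}

/* 0 if path is itself a socket owned by uid; a symlink, regular file or
 * another user's socket is rejected before any secret is written to it. */
int is_own_socket(const char *path, uid_t uid) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (S_ISSOCK(st.st_mode) && st.st_uid == uid) ? 0 : -1;
}

/* Listener side: mkdtemp() creates a randomly named mode-0700 directory,
 * so the socket path is neither predictable nor pre-creatable by others.
 * dir_template must end in "XXXXXX"; the socket name "sock" is arbitrary. */
int listen_private(char *dir_template, char *out_path, size_t out_len) {
    struct sockaddr_un addr;
    int fd;
    if (mkdtemp(dir_template) == NULL) return -1;
    if (snprintf(out_path, out_len, "%s/sock", dir_template) >= (int)out_len)
        return -1;
    if (strlen(out_path) >= sizeof addr.sun_path) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, out_path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    /* bind() fails with EADDRINUSE if anything already exists at the path */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 ||
        listen(fd, 1) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A client would call is_private_dir() on the directory and is_own_socket() on the socket path, and connect only if both return 0.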
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | - | 17 May 2001 |
| Conectiva | Affected | 23 Jan 2001 | 17 May 2001 |
| MandrakeSoft | Affected | 30 Apr 2001 | 17 May 2001 |
| RedHat | Affected | 25 Apr 200 | 17 May 2001 |
| SuSE | Affected | 23 Jan 2001 | 17 May 2001 |
Initial information on this vulnerability came from a statement by Caldera Systems.
This document was last modified by Tim Shimeall.
- CVE IDs: CAN-2001-0178
- Date Public: 23 Jan 2001
- Date First Published: 17 May 2001
- Date Last Updated: 01 Aug 2001
- Severity Metric: 8.10
- Document Revision: 11