             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                           kdebase Security Update
                            [RHSA-2006:0548-5]

June 26, 2006 16:00 GMT                                           Number Q-232
                                                          [REVISED 28 Aug 2006]
______________________________________________________________________________
PROBLEM:       There is a flaw in KDM. The kdebase packages provide the core
               applications for KDE, the K Desktop Environment.
PLATFORM:      Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 4)
DAMAGE:        A malicious local KDM user could use a symlink attack to read
               an arbitrary file that they would not normally have
               permissions to read.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A malicious local KDM user could use a
ASSESSMENT:    symlink attack to read an arbitrary file that they would not
               normally have permissions to read.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-232.shtml
 ORIGINAL BULLETIN:  Red Hat RHSA-2006:0548-5
                     https://rhn.redhat.com/errata/RHSA-2006-0548.html
 ADDITIONAL LINKS:   http://www.debian.org/security/2006/dsa-1156
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
______________________________________________________________________________
REVISION HISTORY:
08/28/2006 - added a link to Debian Security Advisory 1156-1

[***** Start RHSA-2006:0548-5 *****]

Important: kdebase security update

Advisory:          RHSA-2006:0548-5
Type:              Security Advisory
Issued on:         2006-06-14
Last updated on:   2006-06-26
Affected Products: Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-2449

Details

Updated kdebase packages that correct a security flaw in kdm are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could use
a symlink attack to read an arbitrary file that they would not normally have
permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat
Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages which contain a
backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
kdebase-3.3.1-5.12.src.rpm            493652aa8e8c177a5413507b2575f8c0

IA-32:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm     904d168f890da4f21508fe358d146b17

x86_64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm         12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm   e73c2b102519b66cbd03d612c1bdcef3

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
kdebase-3.3.1-5.12.src.rpm            493652aa8e8c177a5413507b2575f8c0

IA-32:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm     904d168f890da4f21508fe358d146b17

IA-64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm           417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm     59ad6330dfa63d0eac17e250a976eb3c

PPC:
kdebase-3.3.1-5.12.ppc.rpm            a5a61abe832e7bb9c124ad13b87ca1a9
kdebase-3.3.1-5.12.ppc64.rpm          23318ff73eaf52c1f578a01b4d939a02
kdebase-devel-3.3.1-5.12.ppc.rpm      3ed13abbd6dcdb4e22f2cc7f3c95e508

s390:
kdebase-3.3.1-5.12.s390.rpm           5d985202e89698cadb2fa5543538ec44
kdebase-devel-3.3.1-5.12.s390.rpm     cf5021dbd08326f5b7880b98e4fd2d22

s390x:
kdebase-3.3.1-5.12.s390.rpm           5d985202e89698cadb2fa5543538ec44
kdebase-3.3.1-5.12.s390x.rpm          fd7276e1c85fd2d14c1c2fa84a5c2958
kdebase-devel-3.3.1-5.12.s390x.rpm    bb4347afbfd01e4a24acbf68579eb45c

x86_64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm         12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm   e73c2b102519b66cbd03d612c1bdcef3

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
kdebase-3.3.1-5.12.src.rpm            493652aa8e8c177a5413507b2575f8c0

IA-32:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm     904d168f890da4f21508fe358d146b17

IA-64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm           417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm     59ad6330dfa63d0eac17e250a976eb3c

x86_64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm         12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm   e73c2b102519b66cbd03d612c1bdcef3

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
kdebase-3.3.1-5.12.src.rpm            493652aa8e8c177a5413507b2575f8c0

IA-32:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm     904d168f890da4f21508fe358d146b17

IA-64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm           417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm     59ad6330dfa63d0eac17e250a976eb3c

x86_64:
kdebase-3.3.1-5.12.i386.rpm           783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm         12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm   e73c2b102519b66cbd03d612c1bdcef3

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

194581 - CVE-2006-2449 kdm file disclosure

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
http://www.kde.org/info/security/advisory-20060614-1.txt
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End RHSA-2006:0548-5 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-222: Vulnerability in Windows Media Player
Q-223: Vulnerability in Routing and Remote Access
Q-224: Vulnerability in Microsoft PowerPoint
Q-225: Vulnerability in Microsoft Exchange Server Running Outlook Web Access
Q-226: Vulnerability in Server Message Block
Q-227: Vulnerability in RPC Mutual Authentication
Q-228: Vulnerability in TCP/IP
Q-229: horde3 -- Missing Input Sanitising
Q-230: kernel-source-2.4.27 -- Several Vulnerabilities
Q-231: Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability
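The solution section of RHSA-2006:0548-5 above says to run up2date and gives the fixed build (kdebase-3.3.1-5.12) together with the MD5 sum of every updated RPM. The script below is an added example written for this page; it is not part of the CIAC bulletin or of Red Hat's advisory. It does the two checks an administrator wants afterwards: it decides whether an installed kdebase or kdebase-devel build, as printed by `rpm -q`, is at or above 3.3.1-5.12 (using a simplified rpmvercmp so that release 5.12 correctly sorts above 5.9), and it compares a downloaded RPM against the MD5 table copied from the advisory. The fixed version and the MD5 values come from the advisory; the `rpm -q` output in the sample is constructed, and the version comparison is a deliberately reduced reimplementation, not rpm's own library.

```python
"""Post-update check for RHSA-2006:0548-5 (kdebase / KDM, CVE-2006-2449).

Added example for this page, not code from CIAC or Red Hat.
  1. Is the installed kdebase at or above the fixed build 3.3.1-5.12?
  2. Does a downloaded RPM match the MD5 printed in the advisory?
"""
import hashlib
import re

# Fixed build (version-release) named in RHSA-2006:0548-5.
FIXED_VR = "3.3.1-5.12"

# MD5 sums copied from the advisory's "Updated packages" table (subset).
ADVISORY_MD5 = {
    "kdebase-3.3.1-5.12.src.rpm": "493652aa8e8c177a5413507b2575f8c0",
    "kdebase-3.3.1-5.12.i386.rpm": "783d1f963e34f1e33bd25f708b399b99",
    "kdebase-devel-3.3.1-5.12.i386.rpm": "904d168f890da4f21508fe358d146b17",
    "kdebase-3.3.1-5.12.x86_64.rpm": "12750a61fe65ddd1ecd7ab903bd0bc1a",
    "kdebase-devel-3.3.1-5.12.x86_64.rpm": "e73c2b102519b66cbd03d612c1bdcef3",
    "kdebase-3.3.1-5.12.ia64.rpm": "417c771330db7cc80278219112daa6cd",
    "kdebase-devel-3.3.1-5.12.ia64.rpm": "59ad6330dfa63d0eac17e250a976eb3c",
}

# Architectures that appear in the advisory, plus noarch.
ARCHES = "noarch|i386|x86_64|ia64|ppc64|ppc|s390x|s390"
# Matches name-version-release[.arch], the form printed by
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' kdebase kdebase-devel
NVRA_RE = re.compile(
    r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+?)(?:\.(?P<arch>" + ARCHES + r"))?$")


def parse_nvra(line):
    """Split 'kdebase-devel-3.3.1-5.12.i386' into name/ver/rel/arch."""
    m = NVRA_RE.match(line.strip())
    if not m:
        raise ValueError("not an RPM name-version-release: %r" % line)
    return m.groupdict()


def _segments(s):
    # rpmvercmp style: compare runs of digits and runs of letters separately
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_vercmp(a, b):
    """Return -1, 0 or 1 comparing two RPM version (or release) strings.
    Simplified rpmvercmp: digit runs compare numerically (5.12 > 5.9),
    letter runs lexically, and a digit run sorts newer than a letter run.
    The tilde/caret rules of newer rpm are intentionally left out."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(nvra, fixed_vr=FIXED_VR):
    """True if the installed build is at or above the advisory's fixed build."""
    p = parse_nvra(nvra)
    fixed_ver, fixed_rel = fixed_vr.split("-", 1)
    # Version decides first; only an equal version falls through to release.
    c = rpm_vercmp(p["ver"], fixed_ver) or rpm_vercmp(p["rel"], fixed_rel)
    return c >= 0


def audit_installed(rpm_q_lines):
    """Map each non-empty 'rpm -q' output line to (name, arch, patched?)."""
    results = []
    for line in rpm_q_lines:
        if not line.strip():
            continue
        p = parse_nvra(line)
        results.append((p["name"], p["arch"], is_patched(line)))
    return results


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def check_checksum(filename, actual_md5):
    """Compare an MD5 you computed (e.g. with md5sum) against the advisory's
    value. Returns None when the advisory does not list that file name."""
    expected = ADVISORY_MD5.get(filename)
    if expected is None:
        return None
    return actual_md5.lower() == expected


def verify_download(path):
    """Hash an RPM on disk and check it against the advisory table."""
    with open(path, "rb") as f:
        digest = md5_hex(f.read())
    return check_checksum(path.rsplit("/", 1)[-1], digest)


if __name__ == "__main__":
    # Constructed sample of 'rpm -q' output, not captured from a real host.
    sample = [
        "kdebase-3.3.1-5.12.i386",        # the fixed build
        "kdebase-devel-3.3.1-5.9.i386",   # an older build, still affected
    ]
    for name, arch, ok in audit_installed(sample):
        print("%-14s %-7s %s" % (name, arch, "OK" if ok else "UPDATE NEEDED"))
```

The MD5 table only tells you that a download is the file Red Hat published; the advisory's own statement that the packages are GPG signed is the stronger check, and `rpm --checksig` against the Red Hat key linked above is what settles authenticity. Because CVE-2006-2449 is a local issue, the installed build reported by `rpm -q` is the state that matters for exposure, not what is sitting in a download directory.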