KDE Privilege Escalation and Weak Session Cookie - Secunia Advisories - Vulnerability Intelligence

KDE Privilege Escalation and Weak Session Cookie
Secunia Advisory:	SA9753	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-09-17
Popularity:	9,441 views

Critical:	Less critical
Impact:	Brute force Privilege escalation System access
Where:	From local network
Solution Status:	Vendor Patch

Software:	KDE 2.x KDE 3.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0690 CVE-2003-0692

Description: Two vulnerabilities have been identified in KDE allowing malicious users to escalate their privileges or malicious people to brute force the session cookie. 1) KDM may grant a valid users root privileges if configured to use the pam_krb5 module. It is uncertain whether this affects other pam modules. The problem is that KDM doesn't check for succesful completion of "pam_setcred()". 2) The algorithm which generates the 128 bit session cookies is weak, potentially allowing malicious people to brute force the session cookie. This could potentially be exploited by malicious people on the local network to gain system access. This affects all versions of KDE. Solution: KDE recommend that users upgrade to version 3.1.4 Patches are available for certain versions: A patch for KDE 2.2.2 is available from: ftp://ftp.kde.org/pub/kde/security_patches 4672868343b26e0c0eae91fffeff1f7e post-2.2.2-kdebase-kdm.patch A patch for KDE 3.0.5b is available from: ftp://ftp.kde.org/pub/kde/security_patches fde237203fc7b325c34d2f90a463db3f post-3.0.5-kdebase-kdm.patch A patch for KDE 3.1.3 is available from: ftp://ftp.kde.org/pub/kde/security_patches 8553c20798b321e333d8c516636f2297 post-3.1.3-kdebase-kdm.patch Provided and/or discovered by: Stephan Kulow George Lebl Original Advisory: http://www.kde.org/info/security/advisory-20030916-1.txt

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	24
New vulnerabilities:	39
Updated advisories:	41

Moderately // 138 views

mvnForum Unspecified Cross-Site Scripting and Request Forgery

Less // 146 views

Debian update for awstats

Moderately // 156 views

Kolab Server ClamAV Multiple Vulnerabilities

Less // 216 views

Movable Type Unspecified Cross-Site Scripting Vulnerability

Moderately // 202 views

Sunbyte e-Flower "id" SQL Injection Vulnerability

Not // 230 views

SUSE update for kernel

Not // 294 views

HP-UX Unspecified Local Denial of Service Vulnerability

Moderately // 270 views

WebGUI Executable Attachments Vulnerability

Moderately // 395 views

SquirrelMail Malformed HTML Mail Message Script Insertion

Less // 378 views

VMware ESX Server update for bzip2

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.