155917 – CAN-2003-0644 kdbg arbitrary command execution

Bug 155917 - CAN-2003-0644 kdbg arbitrary command execution

Summary: CAN-2003-0644 kdbg arbitrary command execution

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	kdbg
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Than Ngo
QA Contact:
Docs Contact:
URL:
Whiteboard:	http://lists.kde.org/?l=kde-announce&...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-25 18:27 UTC by Josh Bressers
Modified:	2007-11-30 22:06 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-06-02 14:32:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:416	0	normal	SHIPPED_LIVE	Low: kdbg security update	2005-06-02 04:00:00 UTC

Description Josh Bressers 2005-04-25 18:27:58 UTC

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which
allows local users to execute arbitrary commands.

http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2

Comment 1 Than Ngo 2005-04-27 17:03:45 UTC

it's now fixed in kdbg-1.2.1-7, built it in 2.1AS-errata-candidate tree

Comment 2 Josh Bressers 2005-06-02 14:32:22 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-416.html

Note You need to log in before you can comment on or make changes to this bug.