Bug 164487 - CAN-2005-0205 kdenetwork- kppp local domain name hijacking
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: kdenetwork
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://rhn.redhat.com/errata/RHSA-200...
Whiteboard: LEGACY, rh73, rh90, 1, NEEDSWORK
Depends On:
Blocks: Leg-KDE-Track
Reported: 2005-07-28 07:37 UTC by Marc Bejarano
Modified: 2007-04-18 17:29 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-04-12 00:38:37 UTC
Embargoed:



Description Marc Bejarano 2005-07-28 07:37:20 UTC
legacy version of bug 148912

my 7.3 system has /usr/bin/kppp as part of package kppp-3.0.5a-0.73.0

Comment 1 David Eisenstein 2006-02-06 08:34:44 UTC
This issue was worked on for RHEL2.1 and RHEL3 in bug #148912.  Is also
known as KDE Advisory "advisory-20050228-1," at
   <http://www.kde.org/info/security/advisory-20050228-1.txt>

From that advisory:

"1. Systems affected:

        "kppp as included in KDE up to including KDE 3.1.5. KDE 3.2.x
        and newer are not affected.

"2. Overview:

        "kppp, if installed suid root, allows local attackers to hijack
        a system's domain name resolution function. 

        "A fix introduced for a similar vulnerability, added to the code
        base in 1998, was incomplete and can be bypassed.

        "In 2002 a proper fix was made by Dirk Mueller for KDE 3.2 as part
        of a code audit. No advisory was issued because the problem was
        considered to be unexploitable at that time. iDEFENSE now
        rediscovered the issue and supplied an example exploit for this
        vulnerability.

"3. Impact:

        "Modifications to /etc/hosts and /etc/resolv.conf can be done by
        local users which allows manipulation of host and domain name
        lookups, enabling other phishing and social engineering attacks."

This issue affects RHL7.3, RHL9, and FC1.

Red Hat issued http://rhn.redhat.com/errata/RHSA-2005-175.html on this
issue.
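
The precondition the advisory names (kppp installed suid root) and the two files it lists can be checked on a host. This is an added example, not part of the bug report, the KDE advisory or the Red Hat erratum; the function names are hypothetical, GNU stat is assumed, and the kppp path is the one given in the description above. The ownership and write-permission check on the two files is a related hygiene check, not something the advisory prescribes.

```shell
#!/bin/sh
# Added audit sketch. Function names are hypothetical; GNU stat is assumed.

# Return 0 if $1 is a regular file with the setuid bit set and owned by
# uid $2 (default 0, i.e. root).
is_setuid_owned_by() {
    file=$1; uid=${2:-0}
    [ -f "$file" ] && [ -u "$file" ] || return 1
    [ "$(stat -L -c '%u' "$file")" = "$uid" ]
}

# Return 0 if $1 is owned by uid $2 (default 0) and is neither group- nor
# world-writable. Symlinks are followed, since /etc/resolv.conf is often one.
is_locked_down() {
    file=$1; uid=${2:-0}
    [ -e "$file" ] || return 1
    [ "$(stat -L -c '%u' "$file")" = "$uid" ] || return 1
    [ -z "$(find -L "$file" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Report the advisory's precondition and the state of the two files it names.
# Returns 0 only when there are no findings.
audit_kppp() {
    kppp=${1:-/usr/bin/kppp}
    findings=0
    if is_setuid_owned_by "$kppp"; then
        echo "FINDING: $kppp is setuid root (precondition named in the advisory)"
        findings=$((findings + 1))
    fi
    for f in /etc/hosts /etc/resolv.conf; do
        [ -e "$f" ] || continue
        if ! is_locked_down "$f"; then
            echo "FINDING: $f is not root-owned or is group/world-writable"
            findings=$((findings + 1))
        fi
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

audit_kppp "$@" || true
```

On RPM-based systems, `rpm -V` on the package that owns kppp additionally shows whether the binary's mode differs from what the package shipped.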

Comment 2 David Eisenstein 2007-04-12 00:38:37 UTC
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.

