Red Hat Bugzilla – Bug 443768
CVE-2008-1671 kdelibs: multiple vulnerabilities in start_kdeinit
Last modified: 2008-04-28 09:01:56 EDT
Upcoming KDE security advisory:
start_kdeinit of KDE 3.x as of KDE 3.5.5 or newer. KDE 4.0
and newer is not affected. Only Linux platform is affected.
start_kdeinit is a wrapper to launch kdeinit with a lower OOM
score on Linux. This helper is used to ensure that a
single KDE application triggering the Linux kernel OOM killer
does not kill the whole KDE session. By default,
start_kdeinit is installed as setuid root. The start_kdeinit
processing of user-influenceable input is faulty.
If start_kdeinit is installed as setuid root, a local user
might be able to send unix signals to other processes, cause
a denial of service or even possibly execute arbitrary code.
Created attachment 303448 [details]
This issue did not affect versions of kdelibs as shipped with Red Hat Enterprise
Linux 2.1, 3, 4, or 5, that do not ship start_kdeinit helper.
start_kdeinit is shipped in versions of KDE currently in Fedora 7 and 8, however
start_kdeinit is not installed as setuid root in Fedora, so Fedora kdelibs
packages are not affected by this problem.
Public now, lifting embargo:
Closing based on comment #2.
I looked at this yesterday and I've come to the same conclusion, so I can
confirm that Fedora is not affected.
Oh, and start_kdeinit is also shipped in kdelibs3 in dist-f9, but is not
installed setuid root there either => dist-f9 also unaffected.
Kevin, thanks for review / confirmation!