Bug 443768 - (CVE-2008-1671) CVE-2008-1671 kdelibs: multiple vulnerabilities in start_kdeinit
CVE-2008-1671 kdelibs: multiple vulnerabilities in start_kdeinit
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
source=vendor-sec,reported=20080422,p...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-23 04:01 EDT by Tomas Hoger
Modified: 2008-04-28 09:01 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-28 03:47:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch (3.87 KB, patch)
2008-04-23 04:02 EDT, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2008-04-23 04:01:47 EDT
Upcoming KDE security advisory:

Systems affected:
	start_kdeinit of KDE 3.x as of KDE 3.5.5 or newer. KDE 4.0
	and newer is not affected. Only Linux platform is affected.

Overview:
	start_kdeinit is a wrapper to launch kdeinit with a lower OOM
	score on Linux. This helper is used to ensure that a
	single KDE application triggering the Linux kernel OOM killer
	does not kill the whole KDE session. By default,
	start_kdeinit is installed as setuid root. The start_kdeinit
	processing of user-influenceable input is faulty.

Impact:
        If start_kdeinit is installed as setuid root, a local user
        might be able to send unix signals to other processes, cause
        a denial of service or even possibly execute arbitrary code.
Comment 1 Tomas Hoger 2008-04-23 04:02:42 EDT
Created attachment 303448 [details]
Upstream patch
Comment 2 Tomas Hoger 2008-04-23 04:10:17 EDT
This issue did not affect versions of kdelibs as shipped with Red Hat Enterprise
Linux 2.1, 3, 4, or 5, that do not ship start_kdeinit helper.

start_kdeinit is shipped in versions of KDE currently in Fedora 7 and 8, however
start_kdeinit is not installed as setuid root in Fedora, so Fedora kdelibs
packages are not affected by this problem.
Comment 3 Tomas Hoger 2008-04-28 03:38:09 EDT
Public now, lifting embargo:

http://www.kde.org/info/security/advisory-20080426-2.txt
Comment 4 Tomas Hoger 2008-04-28 03:47:06 EDT
Closing based on comment #2.
Comment 5 Kevin Kofler 2008-04-28 08:50:06 EDT
I looked at this yesterday and I've come to the same conclusion, so I can 
confirm that Fedora is not affected.
Comment 6 Kevin Kofler 2008-04-28 08:51:33 EDT
Oh, and start_kdeinit is also shipped in kdelibs3 in dist-f9, but is not 
installed setuid root there either => dist-f9 also unaffected.
Comment 7 Tomas Hoger 2008-04-28 09:01:56 EDT
Kevin, thanks for review / confirmation!

Note You need to log in before you can comment on or make changes to this bug.