Bug 69575 - Security problem with kdeinit (3.0.0)
Security problem with kdeinit (3.0.0)
Status: CLOSED DUPLICATE of bug 69692
Product: Red Hat Linux
Classification: Retired
Component: kdelibs (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: wdovlrrw
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-23 08:29 EDT by Bert DeKnuydt
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-07-23 17:14:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Details / Traces of bugreport (3.48 KB, text/plain)
2002-07-23 08:33 EDT, Bert DeKnuydt
no flags Details

  None (edit)
Description Bert DeKnuydt 2002-07-23 08:29:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
There is a serious security problem with kdeinit, and possibly several
other KDE applications tools etc.  The following description is 
for kdelibs-3.0.0-10 as shipped by RedHat 7.3 intel.

Short description:
-----------------

Kdeinit looks for shared libraries in non-system directories.  This can allow a
malicious local user to gain root access if root runs kde.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.See attachment. Not describable in 3 lines.
2.
3.
	

Actual Results:  Crash (good) and/or loading of arbitrary libraries (bad).

Expected Results:  Not search along untrusted relative paths for shared libraries.

Additional info:
Comment 1 Bert DeKnuydt 2002-07-23 08:33:08 EDT
Created attachment 66524 [details]
Details / Traces of bugreport
Comment 2 Bert DeKnuydt 2002-07-23 17:14:08 EDT
coolo at kde dot org pointed me that Qt is the culprit.  

readelf -d /usr/lib/qt3/lib/libqt-mt.so (from qt-3.0.3-11)
shows an rpath like '../lib/'  Qt2 seems to be okay.
Comment 3 Mark J. Cox (Product Security) 2002-08-13 08:10:58 EDT

*** This bug has been marked as a duplicate of 69692 ***

Note You need to log in before you can comment on or make changes to this bug.