Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200804-30 ] KDE start_kdeinit: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1706

PostPosted: Tue Apr 29, 2008 1:26 pm    Post subject: [ GLSA 200804-30 ] KDE start_kdeinit: Multiple vulnerabiliti Reply with quote

Gentoo Linux Security Advisory

Title: KDE start_kdeinit: Multiple vulnerabilities (GLSA 200804-30)
Severity: high
Exploitable: local
Date: April 29, 2008
Updated: April 08, 2009
Bug(s): #218933
ID: 200804-30

Synopsis


Multiple vulnerabilities in start_kdeinit could possibly allow a local
attacker to execute arbitrary code with root privileges.


Background


KDE is a feature-rich graphical desktop environment for Linux and
Unix-like operating systems. start_kdeinit is a wrapper for kdeinit.


Affected Packages

Package: kde-base/kdelibs
Vulnerable: < 4.0
Unaffected: >= 3.5.8-r4 < 3.5.9
Unaffected: >= 3.5.9-r3 < 3.5.10
Unaffected: > 4.0
Unaffected: < 3.5.5
Unaffected: >= 3.5.10-r2 < 3.5.11
Architectures: All supported architectures


Description


Vulnerabilities have been reported in the processing of user-controlled
data by start_kdeinit, which is setuid root by default.


Impact


A local attacker could possibly execute arbitrary code with root
privileges, cause a Denial of Service or send Unix signals to other
processes, when start_kdeinit is setuid root.


Workaround


There is no known workaround at this time.


Resolution


All kdelibs users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.8-r4"


References

CVE-2008-1671


Last edited by GLSA on Thu Sep 10, 2009 4:18 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum