search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Due to insecure creation of configuration files via KApplication-class, local users can create arbitrary files when running setuid root KDE programs

Vulnerability Note VU#32448

Original Release Date: 2001-05-30 | Last Revised: 2001-05-30

Overview

KApplication-class, a class used to create KDE applications, creates configuration files without checking for proper ownership or prior existence.

Description

KApplication-class, a class used to create KDE applications, creates configuration files. These files are created in a local directory and named predictably based on the KDE application name. The CREAT call does not check for prior existence or proper ownership.

Impact

Using a symlink attack, an attacker my cause corruption of any file writable by the user of the application. If the application is setuid root, an attacker may cause corruption of any file in the system.

Solution

Contact vendor for patches.

The system administrator could create configuration files for common applications, appropriately named and protected, to forestall the symlink attack, but this would not be a robust fix and may need to be reapplied frequently.

Vendor Information

32448
 

RedHat Affected

Notified:  June 05, 2000 Updated: May 29, 2001

Status

Affected

Vendor Statement

http://www.linuxsecurity.com/advisories/redhat_advisory-470.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

The initial report of this vulnerability was made by Sebastian Krahmer.

This document was last modified by Tim Shimeall.

Other Information

CVE IDs: CVE-2000-0530
Severity Metric: 3.79
Date Public: 2000-05-29
Date First Published: 2001-05-30
Date Last Updated: 2001-05-30 14:40 UTC
Document Revision: 9

Sponsored by CISA.