
CERT Coordination Center

KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password

Vulnerability Note VU#982616

Original Release Date: 2001-05-17 | Last Revised: 2001-08-01

Overview

kdesu is an interactive interface to the substitute user (su) command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users.

Description

kdesu communicates with su through a socket, implemented as a file in /tmp with a predictable name. Authenticating information for the effective user that the kdesu user wishes to become (often root) is placed in this file.

Impact

By using a symbolic link attack, an attacker may be able to capture usernames and passwords.

Solution

Apply vendor patches; see the Systems Affected section below.

Creating files in /tmp with the appropriate names may block the symbolic link attack, but it may also prevent kdesu from operating properly, so it is not a robust fix.
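
The checks whose absence this note describes, as an added Python sketch for Linux (not code from this note, from KDE, or from any vendor patch): the server binds its socket inside a fresh mode-0700 directory instead of under a predictable /tmp name, and the client verifies both the path and the listener's uid before sending anything. The function names and the `su.sock` file name are hypothetical.

```python
import os
import socket
import stat
import struct
import tempfile


def make_private_socket(name="su.sock"):
    """Server side: bind inside a fresh 0700 directory, not a fixed /tmp name."""
    sock_dir = tempfile.mkdtemp(prefix="demo-su-")  # random suffix, mode 0700
    path = os.path.join(sock_dir, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)
    srv.listen(1)
    return srv, path


def path_is_trustworthy(path, uid=None):
    """Client side: refuse symlinks, non-sockets, and anything not owned by uid."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat does not follow a symbolic link
        parent = os.lstat(os.path.dirname(path))
    except OSError:
        return False
    if not stat.S_ISSOCK(st.st_mode) or st.st_uid != uid:
        return False
    # Parent must be a real directory, owned by uid, closed to group and other.
    return (stat.S_ISDIR(parent.st_mode) and parent.st_uid == uid
            and (parent.st_mode & 0o077) == 0)


def send_secret(path, secret, uid=None):
    """Verify the path, then the listener's uid (SO_PEERCRED, Linux), then send."""
    uid = os.getuid() if uid is None else uid
    if not path_is_trustworthy(path, uid):
        raise PermissionError("untrusted socket path: " + path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        creds = c.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
        _pid, peer_uid, _gid = struct.unpack("3i", creds)
        if peer_uid != uid:  # closes the gap between lstat() and connect()
            raise PermissionError("listener runs as uid %d" % peer_uid)
        c.sendall(secret)
```

The peer-credential check matters because the path checks alone leave a window between `lstat()` and `connect()`; the secret is written only after the kernel reports who is actually listening.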

Vendor Information

Acknowledgements

Initial information on this vulnerability came from a statement by Caldera Systems.

This document was last modified by Tim Shimeall.

Other Information

CVE IDs: CVE-2001-0178
Severity Metric: 8.10
Date Public: 2001-01-23
Date First Published: 2001-05-17
Date Last Updated: 2001-08-01 18:28 UTC
Document Revision: 11

Sponsored by CISA.