84181 2002-11-12 22:21 /75 rader/ Andreas Pour <pour@mieterra.com>
Importerad: 2002-11-12 22:21 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <2360>
Ärende: KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
------------------------------------------------------------
KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO
Vulnerability
Original Release Date: 2002-11-11
URL: http://www.kde.org/info/security/advisory-20021111-1.txt
0. References
None.
1. Systems affected:
All KDE 2 releases starting with KDE 2.1 and all KDE 3
releases (up to 3.0.4).
2. Overview:
KDE provides support for various network protocols via the KIO
subsystem. These protocols are implemented with text files
containing the extension .protocol, normally stored in the
shared/services/ subdirectory under the KDE installation root.
The implementation of the rlogin protocol in all of the
affected systems, and the implementation of the telnet
protocol in affected KDE 2 systems, allows a carefully
crafted URL in an HTML page, HTML email or other KIO-enabled
application to execute arbitrary commands on the system using
the victim's account on the vulnerable machine.
3. Impact:
The vulnerability potentially enables local or remote
attackers to compromise a victim's account and execute
arbitrary commands on the local system with the victim's
privileges, such as erasing files, accessing data or
installing trojans.
4. Solution:
The vulnerability has been fixed in KDE 3.0.5 and a patch is
available for KDE 3.0.4. For affected KDE 3 systems, we
recommend upgrading to KDE 3.0.5, applying the patch provided
or disabling the rlogin protocol.
For affected KDE 2 systems, we recommend disabling both the
rlogin and telnet KIO protocols.
The rlogin protocol vulnerability can be disabled by deleting
any rlogin.protocol files on the system and restarting the
active KDE sessions. The file is usually installed in
[kdeprefix]/share/services/rlogin.protocol ([kdeprefix] is
typically /opt/kde3 or /usr), but copies may exist elsewhere,
such as in users' [kdehome]/share/services directory
([kdehome] is typically the .kde directory in a user's home
directory).
The telnet protocol vulnerability can be similary disabled in
affected KDE 2 systems.
kdelibs-3.0.5 can be downloaded from
http://download.kde.org/stable/3.0.5/src/kdelibs-3.0.5.tar.bz2
:
ff22bd58b91ac34e476c308d345421aa kdelibs-3.0.5.tar.bz2
Some vendors are building binary packages of kdelibs-3.0.5.
Please check your vendors website and the KDE 3.0.5
information page (http://ww.kde.org/info/3.0.5.html)
periodically for availability.
5. Patch:
Patches are available for KDE 3.0.x from the KDE FTP server
(ftp://ftp.kde.org/pub/kde/security_patches/):
5625501819f09510d542142aea7b85ab
post-3.0.4-kdelibs-kio-misc.diff
(84181) /Andreas Pour <pour@mieterra.com>/(Ombruten)