Bacheca Debian sulla sicurezza
DSA-155-1 kdelibs -- acquisizione di diritti tramite Konqueror
- Data della segnalazione:
- 17 ago 2002
- Pacchetti coinvolti:
- kdelibs
- Vulnerabile:
- Sì
- Referenze all'interno del database della sicurezza:
- Nel database Bugtraq (presso SecurityFocus): Numero del bug 5410.
Nel dizionario CVE di Mitre: CVE-2002-0970. - Maggiori informazioni:
-
A causa di una valutazione errata in fase di ingegnerizzazione, la libreria SSL di KDE utilizzata da Konqueror, non verifica se un certificato intermedio di una connessione è firmato dalla certificate authority come valido per lo scopo, ma lo accetta se è semplicemente firmato. Questo permette a chiunque abbia un certificato firmato da VeriSign di falsificare un qualsiasi altro certificato SSL di VeriSign utilizzato da un sito, e abusare quindi degli utenti Konqueror.
È stato scoperto un 'exploit' locale a root utilizzando artsd tramite un utilizzo insicuro di una stringa di formato. Questo 'exploit' non può funzionare in Debian poiché artsd non è setuid di root. Sia artsd che artswrapper non hanno bisogno di essere setuid di root in quanto i moderni computer sono sufficientemente veloci da gestire i dati audio in un tempo ragionevole.
Questi problemi sono stati risolti nella versione 2.2.2-13.woody.2 per la attuale versione stable (woody). La precedente distribuzione stable (potato) non ne è affetta in quanto non contiene i pacchetti KDE. La distribuzione unstable (sid) non ha ancora risolto il problema, ma nuovi pacchetti sono attesi per il futuro. La versione che non presenta il problema sarà la 2.2.2-14 o superiore.
Suggeriamo di aggiornare i pacchetti kdelibs e libarts e di fare ripartire Konqueror.
- Risolto in:
-
Debian GNU/Linux 3.0 (woody)
- Sorgente:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.2.dsc
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.2.diff.gz
- Componente indipendente dall'architettura:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_ia64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_sparc.deb
Somma di controllo MD5 per i file in elenco disponibile nella notizia originale.