Debians sikkerhedsbulletin

DSA-692-1 kdenetwork -- designfejl

Rapporteret den:
8. mar 2005
Berørte pakker:
kdenetwork
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2005-0205.
Yderligere oplysninger:

KDE-teamet rettede i 2002 en fejl i kppp, som iDEFENCE nu har opdaget kan udnyttes. Ved at åbne et passende stort antal fil-descriptorer før kppp - der er installeret setuid root - udføres, kunne en lokal angriber overtage de priviligerede fil-descriptorer.

I den stabile distribution (woody) er dette problem rettet i version 2.2.2-14.7.

Distributionerne testing (sarge) og unstable (sid) er ikke påvirket, da KDE 3.2 allerede indeholdt rettelsen.

Vi anbefaler at du opgraderer din kppp-pakke.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.dsc
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.diff.gz
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.