Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 2037-1] New kdm packages fix privilege escalation (1/9)

From Thijs Kinkhorst@1:229/2 to All on Sun Apr 18 00:00:03 2010

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2037-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
April 17, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : kdm (kdebase)
Vulnerability : race condition
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0436

Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges
to root.

For the stable distribution (lenny), this problem has been fixed in version 4:3.5.9.dfsg.1-6+lenny1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your kdm package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1.diff.gz
Size/MD5 checksum: 1073859 4fcea749b80fe556f2a5b311495c75c6
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1.orig.tar.gz
Size/MD5 checksum: 27978023 497176f651e348722ed8a17bb437ac28
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1.dsc
Size/MD5 checksum: 2921 a7026a6edffbad1207c03aa7c3e61c41

Architecture independent packages:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.5.9.dfsg.1-6+lenny1_all.deb
Size/MD5 checksum: 1236508 1c9471e67998687a2886b1a3a4aa48fa
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1_all.deb
Size/MD5 checksum: 38468 17e217191d3060d823d93fef0dde6167
http://security.debian.org/pool/updates/main/k/kdebase/kdeeject_3.5.9.dfsg.1-6+lenny1_all.deb
Size/MD5 checksum: 37684 79bb46efdeb8cd9ef5f6aff2d52d9628
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc-html_3.5.9.dfsg.1-6+lenny1_all.deb
Size/MD5 checksum: 376972 ebd58296ec6076d5bda03d3b9ba70fb4
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.5.9.dfsg.1-6+lenny1_all.deb
Size/MD5 checksum: 10329324 8630741db4aa5464f34b4898f8ccf076

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 175838 f13ad37b4c60e2040bb87278682f4a92
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 867022 3a9187bc4a07a069dd443e88075b317c
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 82734 de29ac13e2ab5c9b426568df4a02b72e
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 306646 b1865a67c2c742a95b5e92cc2e0521fb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 814728 0ef1b69106998304bf5d0615a5321034
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 504224 0e7f8c4bb8d79eebf9a37f1b944d328b
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 3330800 1d259a053fc7834bfe8942a6424e8552
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 2302904 62984e618ee104f0170721ae7e1fffdc
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 304602 0d436a13a44577121cc151d169bc0afe
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 210130 eb8a8ac33708c346770bb9b2e02b0c9f
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 308284 a0d9daf17e9bb0d3c23d346ced50042d
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 847126 e95618eff4e31a2c97a629112546ec33
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 63898 547186beda32cf356937e7d2ab075062
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 396190 7731e75938a742ada9bd5c9c05f801c3
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 78758 00f9d1a70cd95e8886e97a6f0d669286
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 247230 354ae04266099a414fd86327c3fd3580
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 580840 4b4c22af00cbded207589a21066a3a9d
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 702970 bd7fab6ece2d0427b341f62fc762925e
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 1490750 022e473028c8bd4ef71e3ff6f937a39a
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 119944 d5bb6fc5e4cd7c19dee70e3224a9b702
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 53307588 be5d89bc19953e43a72e931bfad654a7
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_alpha.deb
Size/MD5 checksum: 726830 63a9f4cbd59ca0b4e401ff107998b731
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_alpha.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	161:42:34
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,778

[SECURITY] [DSA 2037-1] New kdm packages fix privilege escalation (1/9)

Who's Online

Recent Visitors

System Info