From martin.pitt@canonical.com Wed Sep 7 14:13:35 2005
From: Martin Pitt
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Wed, 7 Sep 2005 08:40:16 +0200
Subject: [Full-disclosure] [USN-176-1] kcheckpass vulnerability

===========================================================
Ubuntu Security Notice USN-176-1         September 07, 2005
kdebase vulnerability
CAN-2005-2494
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdebase-bin

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu18.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered a flaw in the lock file handling of
kcheckpass. A local attacker could exploit this to execute arbitrary
code with root privileges.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/