Vulnerability Bulletins |
Multiple vulnerabilities in KDM for Linux / UNIX |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Advanced |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | KDE <= 3.1.3 |
Description |
|
Two vulnerabilities have been discovered in "KDM", the graphical login manager included in the KDE environment for Linux/Unix. The flaws reside in the "pam_setcred()" function and in the session cookie generation algorithm of KDE versions prior to 3.1.3. They may allow a malicious user with an account on the system to gain superuser privileges, or a remote attacker to hijack an active session. | |
Solution |
|
Apply your distribution's own update mechanisms, or obtain the software sources and compile them yourself.

Software update

Patches for the KDE sources
KDE 2.2.2:
ftp://ftp.kde.org/pub/kde/security_patches/post-2.2.2-kdebase-kdm.patch
KDE 3.0.5b:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5-kdebase-kdm.patch
KDE 3.1.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.3-kdebase-kdm.patch

Red Hat Linux
Red Hat Linux 7.1
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kdebase-2.2.2-0.71.5.i386.rpm
ftp://updates.redhat.com/7.1/en/os/kdebase-devel-2.2.2-0.71.5.i386.rpm
Red Hat Linux 7.2
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kdebase-2.2.2-11.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kdebase-devel-2.2.2-11.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/kdebase-2.2.2-11.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kdebase-devel-2.2.2-11.ia64.rpm
Red Hat Linux 7.3
i386:
ftp://updates.redhat.com/7.3/en/os/i386:i386/kdebase-3.0.5a-0.73.4.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kdebase-devel-3.0.5a-0.73.4.i386.rpm
Red Hat Linux 8.0
i386:
ftp://updates.redhat.com/8.0/en/os/i386/kdebase-3.0.5a-9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kdebase-devel-3.0.5a-9.i386.rpm
Red Hat Linux 9
i386:
ftp://updates.redhat.com/9/en/os/i386/kdebase-3.1-15.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kdebase-devel-3.1-15.i386.rpm

Mandrake Linux
Mandrake Linux Corporate Server 2.1
i586:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
x86_64:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/x86_64/corporate/2.1/RPMS/kdebase-3.0.5-2.2mdk.x86_64.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/x86_64/corporate/2.1/RPMS/kdebase-devel-3.0.5-2.2mdk.x86_64.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/x86_64/corporate/2.1/RPMS/kdebase-nsplugins-3.0.5-2.2mdk.x86_64.rpm
Mandrake Linux 9.0
i586:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/kdebase-3.0.5a-1.4mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/kdebase-devel-3.0.5a-1.4mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/kdebase-nsplugins-3.0.5a-1.4mdk.i586.rpm
Mandrake Linux 9.1
i586:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/kdebase-3.1-83.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/kdebase-devel-3.1-83.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/kdebase-kdm-3.1-83.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/mdkkdm-9.1-24.2mdk.i586.rpm
PPC:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/kdebase-3.1-83.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/kdebase-devel-3.1-83.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/kdebase-kdm-3.1-83.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/kdebase-nsplugins-3.1-83.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/mdkkdm-9.1-24.2mdk.ppc.rpm

Debian Linux
Debian Linux 3.0 "Woody"
Source:
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.dsc
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.diff.gz
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
Architecture-independent components:
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.7_all.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.7_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_alpha.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_arm.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_i386.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_ia64.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_hppa.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_m68k.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mips.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_s390.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_sparc.deb
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_sparc.deb |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2003-0690, CAN-2003-0692 |
BID | |
Additional resources |
|
Debian Security Advisory DSA-388: http://www.debian.org/security/2003/dsa-388
Mandrake security advisory MDKSA-2003:091: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:091
Red Hat security advisory RHSA-2003:269: https://rhn.redhat.com/errata/RHSA-2003-269.html
KDE Security Advisory: http://www.kde.org/info/security/advisory-20030916-1.txt |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2003-09-23 |