Date: 9 Jun 1999 16:41:45 -0000
From: listmaster@locutus.calderasystems.com
To: announce@lists.calderasystems.com
Subject: Security Announcement 15

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		kvt allows any local user to obtain super user privilege.
Advisory number: 	CSSA-1999:015.0
Issue date: 		1999 June 08
Cross reference: 
______________________________________________________________________________


1. Problem Description

   The kvt terminal program is part of the KDE desktop.
   It is a setuid root program in order to allow proper
   handling of pseudo ttys.

   There are two security problems in kvt that allow
   any local user to obtain super user privilege.

	   
2. Vulnerable Versions

   Systems:     OpenLinux 2.2
   Packages:    previous to kdebase-1.1-14
      
3. Solutions

   Upgrade to the latest kdebase-1.1-14:
   
   rpm -i --nodeps kdebase-1.1-14.i386.rpm
   
4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following command:

   rpm -i --nodeps kdebase-1.1-14.i386.rpm
   
6. Verification

   a819d1a8a5dca47c426f3fc035047fc6  RPMS/kdebase-1.1-14.i386.rpm
   cf9844d33334d30ede977fd4902d261d  SRPMS/kdebase-1.1-14.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   This security fix closes Caldera's internal Problem Report 4603.
   
8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN12DYOn+9R4958LpAQGH2QP+P8I4MoT9rcEi72KNnf+n2bW57f6qw5Ps
6pg4NHgh3spRE9ipHjkjJ79060jlfSt1AfkPtAOq1lX7YSWyk2Im+cRj7ZDs08Pl
61Zek0rJ289qeJa+TjkmEdCzzt1sIA7A5OqS88zxETszPSM+7ZLP7j38BmGaSnLl
qA6QSJxyMBY=
=yrpT
-----END PGP SIGNATURE-----
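
Section 6 of the advisory lists MD5 sums without saying how to apply them. The shell sketch below is an added example, not part of Caldera's advisory: it checks a downloaded package against the advisory's checksum and only then prints the install command from section 5. The function names, the RUN variable and the download directory layout (mirroring the FTP tree's RPMS/ and SRPMS/ directories) are assumptions.

```shell
#!/bin/sh
# Checksums copied from section 6 of the advisory ("<md5>  <path>" per line).
ADVISORY_SUMS='a819d1a8a5dca47c426f3fc035047fc6  RPMS/kdebase-1.1-14.i386.rpm
cf9844d33334d30ede977fd4902d261d  SRPMS/kdebase-1.1-14.src.rpm'

# verify_pkg MANIFEST DIR RELPATH   (hypothetical helper)
# Succeeds only if RELPATH has exactly one well-formed entry in MANIFEST,
# the file exists under DIR, and its MD5 matches. Everything else fails closed.
verify_pkg() {
    manifest=$1; dir=$2; rel=$3
    want=$(printf '%s\n' "$manifest" | awk -v p="$rel" '$2 == p { print $1 }')
    case $want in
        ''|*[!0-9a-f]*)   # no entry, duplicate entries (newline), or non-hex
            echo "no usable checksum for $rel" >&2; return 1 ;;
    esac
    if [ "${#want}" -ne 32 ]; then
        echo "checksum for $rel is not 32 hex digits" >&2; return 1
    fi
    if [ ! -f "$dir/$rel" ]; then
        echo "missing file: $dir/$rel" >&2; return 1
    fi
    got=$(md5sum "$dir/$rel" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $rel: expected $want, got $got" >&2; return 1
    fi
    echo "OK $rel"
}

# install_fixed_kdebase DIR   (hypothetical wrapper)
# DIR is assumed to mirror the FTP tree: DIR/RPMS/kdebase-1.1-14.i386.rpm.
# Prints the advisory's install command; runs it only when RUN=1.
install_fixed_kdebase() {
    rel=RPMS/kdebase-1.1-14.i386.rpm
    verify_pkg "$ADVISORY_SUMS" "$1" "$rel" || return 1
    if [ "${RUN:-0}" = 1 ]; then
        rpm -i --nodeps "$1/$rel"
    else
        echo "rpm -i --nodeps $1/$rel"
    fi
}
```

The checksums are only as trustworthy as the advisory text they were copied from, so check the advisory's PGP signature before relying on them.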