Schnellnavigation überspringen

• Über Debian
• Nachrichten
• Debian besorgen
• Unterstützung
• Entwickler-Ecke
• Sitemap
• Suche

Debian-Sicherheitsankündigung

DSA-388-1 kdebase -- Mehrere Verwundbarkeiten

Datum des Berichts:

19. Sep 2003

Betroffene Pakete:

kdebase

Verwundbar:

Ja

Sicherheitsdatenbanken-Referenzen:

In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 8635, BugTraq ID 8636.
In Mitres CVE-Verzeichnis: CVE-2003-0690, CVE-2003-0692.

Weitere Informationen:

In kdebase wurden zwei Verwundbarkeiten entdeckt:

• CAN-2003-0690:

  KDM in KDE 3.1.3 und früher prüft nicht, ob die sich pam_setcred Funktion erfolgreich beendet, was es Angreifern erlaubt, root-Berechtigungen zu erhalten, indem Fehlerfälle in PAM-Modulen ausgelöst werden, wie mit bestimmten Konfigurationen des MIT pam_krb5 Moduls demonstriert wird.

• CAN-2003-0692:

  KDM in KDE 3.1.3 und früher verwendet einen schwachen Algorithmus zum Erstellen von Session-Cookies, der keine 128-Bit Entropie bietet, was es Angreifern erlaubt, Session-Cookies mittels Methoden von roher Gewalt zu erraten und Zugriff auf die Benutzer-Sitzung zu erhalten.

Diese Verwundbarkeiten sind in folgendem Sicherheitsgutachten von KDE beschrieben:

http://www.kde.org/info/security/advisory-20030916-1.txt

Für die aktuelle stable Distribution (Woody) wurden diese Probleme in Version 4:2.2.2-14.7 behoben.

Für die unstable Distribution (Sid) werden diese Probleme bald behoben sein.

Wir empfehlen Ihnen, Ihr kdebase-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.dsc

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.diff.gz

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz

Architektur-unabhängige Dateien:

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.7_all.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.7_all.deb

Alpha:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_alpha.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_arm.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_i386.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_ia64.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_hppa.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_m68k.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mips.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_s390.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_sparc.deb

http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.

Diese Seite gibt es auch in den folgenden Sprachen:

dansk English español français 日本語 (Nihongo) Português Русский (Russkij) svenska

Wie stellt man die Standardsprache ein