Mandrake Linux Security Advisory : kdesu (MDKSA-2001:018)

low Nessus Plugin ID 61892

Language:

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A problem exists with the kdesu program for KDE versions 1 and 2.
kdesu is a frontend for the su program, allowing normal users to run programs with root privileges by prompting for the root password. When the 'keep password' option is enabled, kdesu tries to send the password across process boundaries to kdesud via a UNIX socket. During this, it does not verify the identity of the listener on the other end, which can allow attackers to obtain the root password.

As of Linux-Mandrake 7.2, the kdesu program is a part of the kdebase package, and libraries for kdesu are found in the kdelibs package.

Solution

Update the affected packages.

Plugin Details

Severity: Low

ID: 61892

File Name: mandrake_MDKSA-2001-018.nasl

Version: 1.6

Type: local

Family: Mandriva Local Security Checks

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kcmkdesu, p-cpe:/a:mandriva:linux:kdebase, p-cpe:/a:mandriva:linux:kdebase-devel, p-cpe:/a:mandriva:linux:kdelibs, p-cpe:/a:mandriva:linux:kdelibs-devel, p-cpe:/a:mandriva:linux:kdesu, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 1/31/2001

Reference Information

CVE: CVE-2001-0178

MDKSA: 2001:018

Detections

Analytics