Mandrake Linux Security Advisory : kdesu (MDKSA-2001:018)

Low Nessus Plugin ID 61892


The remote Mandrake Linux host is missing one or more security updates.


A problem exists with the kdesu program for KDE versions 1 and 2.
kdesu is a frontend for the su program, allowing normal users to run programs with root privileges by prompting for the root password. When the 'keep password' option is enabled, kdesu tries to send the password across process boundaries to kdesud via a UNIX socket. During this, it does not verify the identity of the listener on the other end, which can allow attackers to obtain the root password.

As of Linux-Mandrake 7.2, the kdesu program is a part of the kdebase package, and libraries for kdesu are found in the kdelibs package.


Update the affected packages.

Plugin Details

Severity: Low

ID: 61892

File Name: mandrake_MDKSA-2001-018.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kcmkdesu, p-cpe:/a:mandriva:linux:kdebase, p-cpe:/a:mandriva:linux:kdebase-devel, p-cpe:/a:mandriva:linux:kdelibs, p-cpe:/a:mandriva:linux:kdelibs-devel, p-cpe:/a:mandriva:linux:kdesu, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/01/31

Reference Information

CVE: CVE-2001-0178

MDKSA: 2001:018