Mandrake Linux Security Advisory : kdesu (MDKSA-2001:018)
Low Nessus Plugin ID 61892
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A problem exists with the kdesu program for KDE versions 1 and 2.
kdesu is a frontend for the su program, allowing normal users to run programs with root privileges by prompting for the root password. When the 'keep password' option is enabled, kdesu tries to send the password across process boundaries to kdesud via a UNIX socket. In doing so, it does not verify the identity of the listener on the other end, which can allow attackers to obtain the root password.
As of Linux-Mandrake 7.2, the kdesu program is a part of the kdebase package, and libraries for kdesu are found in the kdelibs package.
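The check the description says was missing, as an added example (not code from the advisory, from KDE, or from the updated packages): on Linux a client can ask the kernel who is listening on a UNIX socket with SO_PEERCRED and refuse to send a secret to an unexpected user. The function names, the socket path argument and the trusted-UID set are assumptions for illustration.

```python
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid.
_UCRED = struct.Struct("iII")


def peer_credentials(sock):
    """Return (pid, uid, gid) the kernel recorded for the other end of a UNIX socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def connect_verified(path, trusted_uids):
    """Connect to the UNIX socket at path (hypothetical daemon socket).

    Returns the connected socket only if the listener runs under one of
    trusted_uids; otherwise closes the connection and returns None.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(path)
        _pid, uid, _gid = peer_credentials(sock)
    except OSError:
        sock.close()
        return None
    if uid not in trusted_uids:
        sock.close()  # unknown listener: the secret is never written
        return None
    return sock


def hand_over_secret(path, secret, trusted_uids):
    """Send secret to the daemon at path only after the listener check passes."""
    sock = connect_verified(path, trusted_uids)
    if sock is None:
        return False
    with sock:
        sock.sendall(secret)
    return True
```

The credentials come from the kernel, not from anything the peer sends, so a process that merely creates a socket at the expected path cannot claim another user's UID.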
Solution
Update the affected packages.