[Security] KDM Password-less login vulnerability

Bug #141378 reported by Richard Johnson on 2007-09-20
Affects            Status   Importance   Assigned to   Milestone
kdebase (Ubuntu)            High         Unassigned
Dapper                      High         Kees Cook
Edgy                        High         Kees Cook
Feisty                      High         Kees Cook
Gutsy                       High         Unassigned

Bug Description

Binary package hint: kdebase

KDE Security Advisory: KDM passwordless login vulnerability
Original Release Date: 2007-09-19
URL: http://www.kde.org/info/security/advisory-20070919-1.txt

0. References
        CVE-2007-4569

1. Systems affected:

        KDM as shipped with KDE 3.3.0 up to including 3.5.7. KDE 3.2.x and
        older and newer versions than KDE 3.5.7 are not affected.

2. Overview:

        KDM can be tricked into performing a password-less login even for
        accounts with a password set under certain circumstances, namely
        autologin to be configured and "shutdown with password" enabled.

        This vulnerability was discovered and reported by Kees Huijgen.

3. Impact:

        KDM might allow a normal user to login as another user or even
        root without properly supplying login credentials.

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        A patch for KDE 3.5.0 - KDE 3.5.7 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ee6c57046902c5b5a32a4699558baafc post-3.5.7-kdebase-kdm.diff

        A patch for KDE 3.3.0 - KDE 3.4.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ad7333a336bdbaef7fae5e74cd12119b post-3.4.2-kdebase-kdm.diff
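
A triage check for the two preconditions and the version range named in the advisory above. This is an added example, not code from the KDE advisory or the Ubuntu packaging. It assumes that "autologin configured" corresponds to the kdmrc key AutoLoginEnable=true, that "shutdown with password" corresponds to AllowShutdown=Root, that unset keys default to false and All, and that the display is a local one such as :0.

```python
import configparser
import re

AFFECTED = ((3, 3, 0), (3, 5, 7))  # inclusive range stated in the advisory

# Constructed sample kdmrc, not taken from a real host.
SAMPLE_KDMRC = """\
[X-*-Core]
AllowShutdown=All
[X-:*-Core]
AllowShutdown=Root
[X-:0-Core]
AutoLoginEnable=true
AutoLoginUser=alice
"""

def version_affected(version):
    """True if an upstream KDE version (optionally with a Debian epoch) is in range."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.split(":")[-1])
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = tuple(int(g or 0) for g in m.groups())
    return AFFECTED[0] <= parts <= AFFECTED[1]

def effective(cfg, key, display, default):
    """Resolve a per-display key from the most specific section to the least."""
    for section in (f"X-{display}-Core", "X-:*-Core", "X-*-Core"):
        if cfg.has_option(section, key):
            return cfg.get(section, key).strip()
    return default

def triage(version, kdmrc_text, display=":0"):
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    delimiters=("=",))
    cfg.optionxform = str  # keep key case exactly as written in kdmrc
    cfg.read_string(kdmrc_text)
    result = {
        "version_affected": version_affected(version),
        # Assumption: "autologin configured" means AutoLoginEnable=true.
        "autologin": effective(cfg, "AutoLoginEnable", display, "false").lower() == "true",
        # Assumption: "shutdown with password" means AllowShutdown=Root.
        "shutdown_with_password": effective(cfg, "AllowShutdown", display, "All") == "Root",
    }
    result["exposed"] = all(result.values())
    return result

if __name__ == "__main__":
    print(triage("3.5.7", SAMPLE_KDMRC))
```

version_affected compares only the upstream number; a distribution build can carry the fix at an affected upstream version, as 4:3.5.7-1ubuntu24 does in this report, so confirm against the package changelog.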

CVE References

Richard Johnson (nixternal) wrote :

Affects Dapper through Gutsy - I am working on debdiffs now for Dapper through Feisty. Gutsy update will be done normally seeing as there will be other updates with it.

Changed in kdebase:
assignee: nobody → nixternal
Richard Johnson (nixternal) wrote :

any status on this?

Kees Cook (kees) wrote :

Sorry for the delay -- this should be published shortly.

Kees Cook (kees) wrote :

Dapper, Edgy, Feisty updated by USN-517-1: http://www.ubuntu.com/usn/usn-517-1

Changed in kdebase:
assignee: nixternal → jr
importance: Undecided → High
status: New → Triaged
assignee: nobody → keescook
importance: Undecided → High
status: New → Fix Released
assignee: nobody → keescook
importance: Undecided → High
status: New → Fix Released
assignee: nobody → keescook
importance: Undecided → High
status: New → Fix Released

Format: 1.7
Date: Fri, 28 Sep 2007 18:56:10 +1000
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm kdebase-doc-html kdebase-dbg klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard konqueror ktip ksysguardd kdebase-data konsole
Architecture: source
Version: 4:3.5.7-1ubuntu24
Distribution: gutsy
Urgency: low
Maintainer: Jonathan Riddell <email address hidden>
Changed-By: Sarah Hobbs <email address hidden>
Description:
 kappfinder - non-KDE application finder for KDE
 kate - advanced text editor for KDE
 kcontrol - control center for KDE
 kdebase - base components from the official KDE release
 kdebase-bin - core binaries for the KDE base module
 kdebase-data - shared data files for the KDE base module
 kdebase-dbg - debugging symbols for kdebase
 kdebase-dev - development files for the KDE base module
 kdebase-doc - developer documentation for the KDE base module
 kdebase-doc-html - KDE base documentation in HTML format
 kdebase-kio-plugins - core I/O slaves for KDE
 kdepasswd - password changer for KDE
 kdeprint - print system for KDE
 kdesktop - miscellaneous binaries and files for the KDE desktop
 kdm - X display manager for KDE
 kfind - file-find utility for KDE
 khelpcenter - help center for KDE
 kicker - desktop panel for KDE
 klipper - clipboard utility for KDE
 kmenuedit - menu editor for KDE
 konqueror - KDE's advanced file manager, web browser and document viewer
 konqueror-nsplugins - Netscape plugin support for Konqueror
 konsole - X terminal emulator for KDE
 kpager - desktop pager for KDE
 kpersonalizer - installation personalizer for KDE
 ksmserver - session manager for KDE
 ksplash - the KDE splash screen
 ksysguard - system guard for KDE
 ksysguardd - system guard daemon for KDE
 ktip - useful tips for KDE
 kwin - the KDE window manager
 libkonq4 - core libraries for Konqueror
 libkonq4-dev - development files for Konqueror's core libraries
Launchpad-Bugs-Fixed: 107694 139893 141628
Changes:
 kdebase (4:3.5.7-1ubuntu24) gutsy; urgency=low
 .
   [ Richard A. Johnson ]
   * SECURITY UPDATE: KDM password-less login
   * KDM can be tricked into performing a password-less login even for accounts
     with a password set under certain circumstances, namely autologin to be
     configured and "shutdown with password" enabled.
   * Add kubuntu_sec_03_kdm_pwless_login.diff for session.c to fix KDM
     password-less and autologin configuration.
   * References:
     - http://www.kde.org/info/security/advisory-20070919-1.txt
     - CVE-2007-4569
   * Updated debian/kubuntu_33_kubuntuify_about.diff - changed link to Kubuntu
     Documentation so Konqueror startpage links work correctly
 .
   [ Sarah Hobbs ]
   * Added kubuntu_17_check_for_prelinking.diff. (Closes LP: #107694)
   * Added konqueror dependency for konqueror-nsplugins. (LP: #139893)
   * Added kubuntu_fix_kscreensaver_w...

Changed in kdebase:
assignee: jr → hobbsee
status: Triaged → Fix Released
This report contains Public Security information
Everyone can see this security related information.