[Security] KDM Password-less login vulnerability

Bug #141378 reported by Richard Johnson on 2007-09-20
Affects: kdebase (Ubuntu)
Assigned to: Kees Cook

Bug Description

Binary package hint: kdebase

KDE Security Advisory: KDM passwordless login vulnerability
Original Release Date: 2007-09-19
URL: http://www.kde.org/info/security/advisory-20070919-1.txt

0. References

1. Systems affected:

        KDM as shipped with KDE 3.3.0 up to and including 3.5.7. KDE 3.2.x and
        older and newer versions than KDE 3.5.7 are not affected.

2. Overview:

        KDM can be tricked into performing a password-less login even for
        accounts with a password set under certain circumstances, namely
        autologin to be configured and "shutdown with password" enabled.

        This vulnerability was discovered and reported by Kees Huijgen.

3. Impact:

        KDM might allow a normal user to login as another user or even
        root without properly supplying login credentials.

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        A patch for KDE 3.5.0 - KDE 3.5.7 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ee6c57046902c5b5a32a4699558baafc post-3.5.7-kdebase-kdm.diff

        A patch for KDE 3.3.0 - KDE 3.4.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ad7333a336bdbaef7fae5e74cd12119b post-3.4.2-kdebase-kdm.diff
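
The following Python check is an added example, not part of the advisory or of the KDE/Ubuntu code: it audits a kdmrc for the two preconditions named in the Overview and tests an upstream version against the affected range. It assumes that "shutdown with password" corresponds to `AllowShutdown=Root` and autologin to `AutoLoginEnable=true` in the `[X-...-Core]` sections; the sample file and the function names are constructed here.

```python
import configparser

# Constructed sample kdmrc (not taken from the bug report).
SAMPLE_KDMRC = """\
# constructed example
[X-*-Core]
AllowShutdown=Root

[X-:0-Core]
AutoLoginEnable=true
AutoLoginUser=alice
"""

# Affected upstream range from the advisory: 3.3.0 up to and including 3.5.7.
AFFECTED_MIN = (3, 3, 0)
AFFECTED_MAX = (3, 5, 7)


def version_affected(version):
    """True if a dotted upstream KDE version lies in the advisory's range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts = (parts + (0, 0, 0))[:3]          # "3.3" is treated as 3.3.0
    return AFFECTED_MIN <= parts <= AFFECTED_MAX


def audit_kdmrc(text):
    """Report which display sections enable autologin and password shutdown."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False)
    parser.optionxform = str                  # kdmrc keys are case-sensitive
    parser.read_string(text)
    autologin, pw_shutdown = [], []
    for section in parser.sections():
        if not section.startswith("X-"):      # only per-display sections
            continue
        opts = parser[section]
        if opts.get("AutoLoginEnable", "false").strip().lower() == "true":
            autologin.append(section)
        # Assumption: "Root" is the "shutdown with password" setting.
        if opts.get("AllowShutdown", "").strip() == "Root":
            pw_shutdown.append(section)
    return {
        "autologin": autologin,
        "password_shutdown": pw_shutdown,
        # Both preconditions present somewhere in the file: review this host.
        "exposed": bool(autologin and pw_shutdown),
    }
```

A version inside the range is not proof of exposure: distribution builds that carry the backported patch, such as 4:3.5.7-1ubuntu24 on this page, still report 3.5.7.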

CVE References

Richard Johnson (nixternal) wrote :

Affects Dapper through Gutsy - I am working on debdiffs now for Dapper through Feisty. Gutsy update will be done normally seeing as there will be other updates with it.

Changed in kdebase:
assignee: nobody → nixternal
Richard Johnson (nixternal) wrote :

any status on this?

Kees Cook (kees) wrote :

Sorry for the delay -- this should be published shortly.

Kees Cook (kees) wrote :

Dapper, Edgy, Feisty updated by USN-517-1: http://www.ubuntu.com/usn/usn-517-1

Changed in kdebase:
assignee: nixternal → jr
importance: Undecided → High
status: New → Triaged
assignee: nobody → keescook
importance: Undecided → High
status: New → Fix Released


Format: 1.7
Date: Fri, 28 Sep 2007 18:56:10 +1000
Source: kdebase
Binary: kdesktop kcontrol kpersonalizer kdm kdebase-doc-html kdebase-dbg klipper kappfinder kdebase-doc kdebase kmenuedit kicker libkonq4 konqueror-nsplugins kdebase-bin kdebase-dev ksplash kdeprint libkonq4-dev kwin kdepasswd ksmserver kfind kdebase-kio-plugins kpager khelpcenter kate ksysguard konqueror ktip ksysguardd kdebase-data konsole
Architecture: source
Version: 4:3.5.7-1ubuntu24
Distribution: gutsy
Urgency: low
Maintainer: Jonathan Riddell <email address hidden>
Changed-By: Sarah Hobbs <email address hidden>
Description:
 kappfinder - non-KDE application finder for KDE
 kate - advanced text editor for KDE
 kcontrol - control center for KDE
 kdebase - base components from the official KDE release
 kdebase-bin - core binaries for the KDE base module
 kdebase-data - shared data files for the KDE base module
 kdebase-dbg - debugging symbols for kdebase
 kdebase-dev - development files for the KDE base module
 kdebase-doc - developer documentation for the KDE base module
 kdebase-doc-html - KDE base documentation in HTML format
 kdebase-kio-plugins - core I/O slaves for KDE
 kdepasswd - password changer for KDE
 kdeprint - print system for KDE
 kdesktop - miscellaneous binaries and files for the KDE desktop
 kdm - X display manager for KDE
 kfind - file-find utility for KDE
 khelpcenter - help center for KDE
 kicker - desktop panel for KDE
 klipper - clipboard utility for KDE
 kmenuedit - menu editor for KDE
 konqueror - KDE's advanced file manager, web browser and document viewer
 konqueror-nsplugins - Netscape plugin support for Konqueror
 konsole - X terminal emulator for KDE
 kpager - desktop pager for KDE
 kpersonalizer - installation personalizer for KDE
 ksmserver - session manager for KDE
 ksplash - the KDE splash screen
 ksysguard - system guard for KDE
 ksysguardd - system guard daemon for KDE
 ktip - useful tips for KDE
 kwin - the KDE window manager
 libkonq4 - core libraries for Konqueror
 libkonq4-dev - development files for Konqueror's core libraries
Launchpad-Bugs-Fixed: 107694 139893 141628
Changes:
 kdebase (4:3.5.7-1ubuntu24) gutsy; urgency=low
   [ Richard A. Johnson ]
   * SECURITY UPDATE: KDM password-less login
   * KDM can be tricked into performing a password-less login even for accounts
     with a password set under certain circumstances, namely autologin to be
     configured and "shutdown with password" enabled.
   * Add kubuntu_sec_03_kdm_pwless_login.diff for session.c to fix KDM
     password-less and autologin configuration.
   * References:
     - http://www.kde.org/info/security/advisory-20070919-1.txt
     - CVE-2007-4569
   * Updated debian/kubuntu_33_kubuntuify_about.diff - changed link to Kubuntu
     Documentation so Konqueror startpage links work correctly
   [ Sarah Hobbs ]
   * Added kubuntu_17_check_for_prelinking.diff. (Closes LP: #107694)
   * Added konqueror dependency for konqueror-nsplugins. (LP: #139893)
   * Added kubuntu_fix_kscreensaver_w...


Changed in kdebase:
assignee: jr → hobbsee
status: Triaged → Fix Released
This report contains Public Security information
Everyone can see this security related information.