-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                kvt allows any local user to obtain super user privilege.
Advisory number:        CSSA-1999:015.0
Issue date:             1999 June 08
Cross reference:
______________________________________________________________________________


1. Problem Description

   The kvt terminal program is part of the KDE desktop. It is a
   setuid root program in order to allow proper handling of pseudo
   ttys.

   There are two security problems in kvt that allow any local user
   to obtain super user privilege.

2. Vulnerable Versions

   Systems:  OpenLinux 2.2
   Packages: previous to kdebase-1.1-14

3. Solutions

   Upgrade to the latest kdebase-1.1-14

      rpm -i --nodeps kdebase-1.1-14.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

      ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -i --nodeps kdebase-1.1-14.i386.rpm

6. Verification

   a819d1a8a5dca47c426f3fc035047fc6  RPMS/kdebase-1.1-14.i386.rpm
   cf9844d33334d30ede977fd4902d261d  SRPMS/kdebase-1.1-14.src.rpm

7. References

   This and other Caldera security resources are located at:

      http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 4603

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN12DYOn+9R4958LpAQGH2QP+P8I4MoT9rcEi72KNnf+n2bW57f6qw5Ps
6pg4NHgh3spRE9ipHjkjJ79060jlfSt1AfkPtAOq1lX7YSWyk2Im+cRj7ZDs08Pl
61Zek0rJ289qeJa+TjkmEdCzzt1sIA7A5OqS88zxETszPSM+7ZLP7j38BmGaSnLl
qA6QSJxyMBY=
=yrpT
-----END PGP SIGNATURE-----
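
The following is an added example, not part of Caldera's advisory: a shell check that compares downloaded packages with the MD5 values from section 6 before the rpm command from section 5 is run. It assumes the packages were fetched into a local directory that keeps the RPMS/ and SRPMS/ layout; the function names md5_of and verify_against_manifest and the directory name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to install unless every
# downloaded package matches the MD5 list published in section 6.

# Manifest copied from section 6 of the advisory: "<md5>  <relative path>".
ADVISORY_MD5='a819d1a8a5dca47c426f3fc035047fc6  RPMS/kdebase-1.1-14.i386.rpm
cf9844d33334d30ede977fd4902d261d  SRPMS/kdebase-1.1-14.src.rpm'

# md5_of FILE: print the lowercase hex MD5 of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl md5 -r "$1" | cut -d' ' -f1
    fi
}

# verify_against_manifest MANIFEST DIR
# Every file named in MANIFEST must exist under DIR and match its MD5.
# Prints one status line per file; returns 0 only if all of them match.
verify_against_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r want rel; do
        [ -n "$want" ] || continue          # skip blank lines
        file="$dir/$rel"
        if [ ! -f "$file" ]; then
            echo "MISSING  $rel"; rc=1; continue
        fi
        got=$(md5_of "$file")
        if [ "$got" = "$want" ]; then
            echo "OK       $rel"
        else
            echo "MISMATCH $rel (got $got)"; rc=1
        fi
    done <<EOF
$manifest
EOF
    return $rc
}

# Usage (the directory ./updates is an assumption):
#   verify_against_manifest "$ADVISORY_MD5" ./updates &&
#       rpm -i --nodeps ./updates/RPMS/kdebase-1.1-14.i386.rpm
```

A missing file counts as a failure, so a partial download cannot pass the check.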