-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: KDM Session cookies generated by KDM are potentially insecure
Advisory number:        CSSA-2003-038.0
Issue date:             2003 December 03
Cross reference:        sr884669 fz528314 erg712431 CAN-2003-0690 CAN-2003-0692
______________________________________________________________________________


1. Problem Description

    Two issues have been discovered in KDM:

    CAN-2003-0690: Privilege escalation with specific PAM modules

    KDM does not check for successful completion of the pam_setcred()
    call. In case of error conditions in the installed PAM modules,
    KDM might grant local root access to any user with valid login
    credentials. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.

    CAN-2003-0692: Session cookies generated by KDM are potentially insecure

    It has been reported that a certain configuration of the MIT
    pam_krb5 module can result in a failing pam_setcred() call leaving
    the session alive and providing root access to a regular user.

    Additionally the session cookie generation algorithm used by KDM
    was considered too weak to supply full 128 bits of entropy. This
    enables non-authorized users to brute-force the session cookie.
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2003-0692 to this issue.


2. Vulnerable Supported Versions

    System                          Package
    ----------------------------------------------------------------------
    OpenLinux 3.1.1 Server          prior to kdebase2-2.2.1-18.i386.rpm
                                    prior to kdebase2-opengl-2.2.1-18.i386.rpm

    OpenLinux 3.1.1 Workstation     prior to kdebase2-2.2.1-18.i386.rpm
                                    prior to kdebase2-opengl-2.2.1-18.i386.rpm


3. Solution

    The proper solution is to install the latest packages.
    Many customers find it easier to use the Caldera System Updater,
    called cupdate (or kcupdate under the KDE environment), to update
    these packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

    4.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-038.0/RPMS

    4.2 Packages

    245e6c8a935226e966cf80aaa3e42680    kdebase2-2.2.1-18.i386.rpm
    5d235209d35446c1862bc2ba45887792    kdebase2-opengl-2.2.1-18.i386.rpm

    4.3 Installation

    rpm -Fvh kdebase2-2.2.1-18.i386.rpm
    rpm -Fvh kdebase2-opengl-2.2.1-18.i386.rpm

    4.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-038.0/SRPMS

    4.5 Source Packages

    4768b9125704bcccbf26274631ddcf39    kdebase2-2.2.1-18.src.rpm


5. OpenLinux 3.1.1 Workstation

    5.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-038.0/RPMS

    5.2 Packages

    278f6661ea4efef5a1457fa0d4e341bf    kdebase2-2.2.1-18.i386.rpm
    b384e75f59a1369c30c8a6a1dd78047b    kdebase2-opengl-2.2.1-18.i386.rpm

    5.3 Installation

    rpm -Fvh kdebase2-2.2.1-18.i386.rpm
    rpm -Fvh kdebase2-opengl-2.2.1-18.i386.rpm

    5.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-038.0/SRPMS

    5.5 Source Packages

    746e23a488236a6807cd547a1d94e84b    kdebase2-2.2.1-18.src.rpm


6. References

    Specific references for this advisory:

        http://www.kde.org/info/security/advisory-20030916-1.txt
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692

    SCO security resources:

        http://www.sco.com/support/security/index.html

    This security fix closes SCO incidents sr884669 fz528314 erg712431.


7. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers intended
    to promote secure installation and use of SCO products.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/zoVTbluZssSXDTERAqaQAJ9GW4PKZmnMxgKaKlUcyqtwijxQvwCgjXc0
oj/3jS0X0zDkRQPftTP+J40=
=JEMW
-----END PGP SIGNATURE-----
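
Added example, not part of the SCO advisory and not KDM's code: the CAN-2003-0692 point about a cookie that cannot supply a full 128 bits of entropy, shown as a constructed weak generator beside a hardened one that fails closed. The function names and the seed-based weak generator are assumptions made for illustration; the advisory does not describe KDM's actual algorithm.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define COOKIE_BYTES 16   /* 128 bits, the size the advisory refers to */

/* Constructed weak generator (NOT KDM's code): every byte derives from one
 * seed, so the cookie space is bounded by the seed space, not by 2^128. */
void weak_cookie(unsigned int seed, uint8_t out[COOKIE_BYTES])
{
    srand(seed);
    for (int i = 0; i < COOKIE_BYTES; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Hardened generator: all 16 bytes come from the kernel CSPRNG. Returns 0 on
 * success, -1 on failure; the caller must not fall back to a weaker source. */
int strong_cookie(uint8_t out[COOKIE_BYTES])
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < COOKIE_BYTES) {
        ssize_t n = read(fd, out + got, COOKIE_BYTES - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        close(fd);                                /* EOF or hard error */
        return -1;
    }
    close(fd);
    return 0;
}

/* Hex-encode a cookie for display or logging of test values. */
void cookie_hex(const uint8_t in[COOKIE_BYTES], char out[2 * COOKIE_BYTES + 1])
{
    for (int i = 0; i < COOKIE_BYTES; i++)
        sprintf(out + 2 * i, "%02x", (unsigned)in[i]);
}

int main(void)
{
    uint8_t c[COOKIE_BYTES]; char hex[2 * COOKIE_BYTES + 1];
    if (strong_cookie(c) != 0) return 1;   /* fail closed: no session */
    cookie_hex(c, hex); puts(hex); return 0;
}
```

The same fail-closed pattern applies to the CAN-2003-0690 point: a login path should treat any non-success return from pam_setcred() as a reason to end the session.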