Package name: kdesu
Date: 2001-01-31
Advisory ID: MDKSA-2001:018
Affected versions: 7.2 i586, 6.1 i586, 7.0 i586, 7.1 i586, CS1.0 i586

Problem description

A problem exists with the kdesu program for KDE versions 1 and 2. kdesu is a frontend for the su program, allowing normal users to run programs with root privileges by prompting for the root password. When the "keep password" option is enabled, kdesu tries to send the password across process boundaries to kdesud via a UNIX socket. During this, it does not verify the identity of the listener on the other end, which can allow attackers to obtain the root password. As of Linux-Mandrake 7.2, the kdesu program is a part of the kdebase package, and libraries for kdesu are found in the kdelibs package.
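
The missing step described above is authenticating the listener before a secret is written to the socket. The following is an added example, not KDE code and not the fix shipped in the packages below: it shows one way to perform that check on Linux with SO_PEERCRED. The function names are hypothetical, and it assumes the legitimate daemon runs under the caller's own effective uid.

```cpp
// Added illustration (not KDE code): verify who is listening on a UNIX
// socket before writing a secret to it. Linux-specific (SO_PEERCRED).
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>
#include <string>

// True only if the process that created the other end of the connected
// AF_UNIX socket `fd` ran as `expected_uid`. Any error counts as a mismatch.
bool peer_has_uid(int fd, uid_t expected_uid) {
    struct ucred cred {};
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0) return false;
    if (len != sizeof(cred)) return false;
    return cred.uid == expected_uid;
}

// Write `secret` to `fd` only after the listener's identity checks out.
// Returns bytes written, or -1 if the peer was rejected or the write failed.
ssize_t send_secret_checked(int fd, uid_t expected_uid, const std::string &secret) {
    if (!peer_has_uid(fd, expected_uid)) return -1;  // fail closed, send nothing
    return write(fd, secret.data(), secret.size());
}

// Constructed demo: a socketpair stands in for the client/daemon connection.
// Returns 0 if the matching uid is accepted and a foreign uid is refused.
int demo() {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    const std::string secret = "not-a-real-password";  // constructed value
    ssize_t ok = send_secret_checked(sv[0], geteuid(), secret);
    ssize_t refused = send_secret_checked(sv[0], geteuid() + 1, secret);
    char buf[64] = {0};
    ssize_t got = ok > 0 ? read(sv[1], buf, sizeof(buf) - 1) : -1;
    close(sv[0]);
    close(sv[1]);
    bool pass = ok == (ssize_t)secret.size() && refused == -1 &&
                got == ok && secret == buf;
    return pass ? 0 : 1;
}

int main() {
    int rc = demo();
    std::printf("%s\n", rc == 0 ? "peer check behaved as expected" : "unexpected result");
    return rc;
}
```

SO_PEERCRED identifies the user the peer ran as, not which program it is, so this check separates users from one another rather than processes of the same user.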

Updated packages

7.2 i586

a18c6c5bd7c423515ed7773ab03d2c43  7.2/RPMS/kdebase-2.0.1-1mdk.i586.rpm
3a078b0c56368c465e4015a12203200c  7.2/RPMS/kdebase-devel-2.0.1-1mdk.i586.rpm
f5d129d8bde46e3750fa353c63edfcbc  7.2/RPMS/kdelibs-2.0.1-2mdk.i586.rpm
1768c992dffa54bee6a0adfff86db892  7.2/RPMS/kdelibs-devel-2.0.1-2mdk.i586.rpm
623f54f19268161b513ef6f866bdbfd7  7.2/SRPMS/kdebase-2.0.1-1mdk.src.rpm
b15832a3a8830a5e477d150a2f10da07  7.2/SRPMS/kdelibs-2.0.1-2mdk.src.rpm

6.1 i586

a7482a9e4d5b89dcb801d5c671c13b83  6.1/RPMS/kdesu-0.97-1.1mdk.i586.rpm
30957c340c1b20e59b26c29c69f5a71f  6.1/SRPMS/kdesu-0.97-1.1mdk.src.rpm

7.0 i586

49ffd005d4811c68a93d54f26b3ccdf0  7.0/RPMS/kcmkdesu-0.98-14.1mdk.i586.rpm
b3b0747b296722ca7bc4fb27c10c3233  7.0/RPMS/kdesu-0.98-14.1mdk.i586.rpm
121112b716f53c8b7573896a4ca77623  7.0/SRPMS/kdesu-0.98-14.1mdk.src.rpm

7.1 i586

eb3fcd71986bed9fddacd5ade109d06f  7.1/RPMS/kcmkdesu-0.98-14.1mdk.i586.rpm
30064c64a3ec9a217856600ab035ce59  7.1/RPMS/kdesu-0.98-14.1mdk.i586.rpm
121112b716f53c8b7573896a4ca77623  7.1/SRPMS/kdesu-0.98-14.1mdk.src.rpm

CS1.0 i586

eb3fcd71986bed9fddacd5ade109d06f  1.0.1/RPMS/kcmkdesu-0.98-14.1mdk.i586.rpm
30064c64a3ec9a217856600ab035ce59  1.0.1/RPMS/kdesu-0.98-14.1mdk.i586.rpm
121112b716f53c8b7573896a4ca77623  1.0.1/SRPMS/kdesu-0.98-14.1mdk.src.rpm