Bug#478024: kdelibs: CVE-2008-1671 start_kdeinit multiple vulnerabilities

Package: kdelibs
Severity: important
Tags: security patch

The following CVE (Common Vulnerabilities & Exposures) id was
published for kdelibs.

| 1. Systems affected:
|     start_kdeinit of KDE 3.x as of KDE 3.5.5 or newer. KDE 4.0
|     and newer is not affected. Only Linux platform is affected.
| 2. Overview:
|     start_kdeinit is a wrapper to launch kdeinit with a lower OOM
|     score on Linux. This helper is used to ensure that a
|     single KDE application triggering the Linux kernel OOM killer
|     does not kill the whole KDE session. By default,
|     start_kdeinit is installed as setuid root. The start_kdeinit
|     processing of user-influenceable input is faulty.
| 3. Impact:
|     If start_kdeinit is installed as setuid root, a local user
|     might be able to send unix signals to other processes, cause
|     a denial of service or even possibly execute arbitrary code.
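The impact above only applies while start_kdeinit is installed setuid root, so the first thing an administrator wants is a quick way to see whether that precondition holds on a given host. The script below is an added example written for this report, not code from the bug report, Debian or KDE; it classifies a helper binary by its setuid bit and owner, and the candidate paths it audits are assumptions about where a KDE 3 install may place start_kdeinit.

```shell
#!/bin/sh
# Added example (not from the bug report or KDE): classify a helper binary by
# whether it carries the precondition named in the advisory, setuid root.
# Uses only POSIX test(1), ls(1) and awk(1) so it runs on any Linux box.

helper_status() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "absent"
        return 0
    fi
    # Third column of `ls -ld` is the owning user.
    owner=$(ls -ld "$path" | awk '{print $3}')
    if [ -u "$path" ]; then
        if [ "$owner" = root ]; then
            echo "setuid-root"      # precondition for the advisory's impact
        else
            echo "setuid-nonroot"   # setuid, but not to root
        fi
    else
        echo "not-setuid"
    fi
}

# Candidate locations are assumptions; adjust KDEDIR for a custom install.
audit_start_kdeinit() {
    for p in /usr/bin/start_kdeinit \
             /opt/kde3/bin/start_kdeinit \
             "${KDEDIR:-/usr}/bin/start_kdeinit"; do
        printf '%s: %s\n' "$p" "$(helper_status "$p")"
    done
}

audit_start_kdeinit
```

A host reporting `setuid-root` for start_kdeinit is in the affected configuration until the patched kdelibs is installed; dropping the setuid bit with `chmod u-s` in the meantime removes the privilege the advisory's impact depends on, at the cost of the OOM-score protection the wrapper exists to provide.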

Note: the mitre site did not yet put this on their website; this is
from the upstream advisory:


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671

Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
