KDbg .kdbgrc Permission Check Failure Arbitrary Command Execution

2003-09-09T00:00:00
ID OSVDB:4235
Type osvdb
Reporter OSVDB
Modified 2003-09-09T00:00:00

Description

Vulnerability Description

KDbg contains a flaw that may allow a local user to execute arbitrary privileged commands. The issue is due to the program not checking file permissions on the .kdbgrc file. This may allow an attacker to insert custom commands to be run in the context of another user.
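The missing check described above, sketched as an added example (this is not KDbg's code and not the vendor's patch): a settings file is opened only if it is a regular file owned by the expected user and not writable by group or others. The names `open_trusted_rc` and `accepts`, and the temporary file path, are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return a read-only fd for a settings file only if it
 * is safe to trust; return -1 if the file must be ignored. */
int open_trusted_rc(const char *path, uid_t expected_owner)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink planted as the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file that was checked
     * is the same file that will be read (no check-then-open race). */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                      /* no FIFOs or devices */
        st.st_uid != expected_owner ||               /* must belong to the user */
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {   /* nobody else may edit it */
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo helper on constructed input: create a temp file with the given mode
 * and report 1 if open_trusted_rc() accepts it, 0 if it is rejected. */
int accepts(mode_t mode, uid_t owner)
{
    char path[] = "/tmp/kdbgrc-demo-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    fchmod(tmp, mode);
    close(tmp);
    int fd = open_trusted_rc(path, owner);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    uid_t me = geteuid();
    printf("0600, own file:       %d\n", accepts(0600, me));
    printf("0666, own file:       %d\n", accepts(0666, me));
    printf("0600, different uid:  %d\n", accepts(0600, me + 1));
    return 0;
}
```

A rejected file should be skipped and the rejection logged, so that a planted settings file is visible to the user instead of being silently honoured.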

Solution Description

Upgrade to version 1.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://members.nextra.at/johsixt/kdbg.html
Vendor URL: http://freshmeat.net/projects/kdbg/
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html
Vendor Specific Advisory URL
Security Tracker: 1014098
Secunia Advisory ID:15580
RedHat RHSA: RHSA-2005:416
Mail List Post: http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
CVE-2003-0644