|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
KDocker contains a flaw related to the execution of files that may allow an attacker, authenticated to the X session, to send X client messages and have KDocker execute programs not owned by the owner of the KDocker process. No further details have been provided.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Authentication Management
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The below code was added to kdocker.cpp from line 416:
if (stat(tmp, &buf) || (getuid()!=buf.st_uid))
{
unlink(tmp);
return TRUE;
}
if (getuid() != buf.st_uid) return TRUE;
With the comment:
"We make sure that the owner of this process and the owner of the file are the same. This will prevent someone from executing arbitrary programs by sending client message. Of course, you can send a message only if you are authenticated to the X session. So this code is there just for the heck of it."
|
|
Solution |
Upgrade to version 0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
KDocker
 |
0.8 |
|
|
|
|
Credit |
- Girish Ramakrishnan - cs19713
 users.sourceforge.net -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
