Skip to navigation

Security Advisory kdenetwork security update

Advisory: RHSA-2005:175-06
Type: Security Advisory
Severity: Low
Issued on: 2005-03-03
Last updated on: 2005-03-03
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0205

Details

Updated kdenetwork packages that fix a file descriptor leak are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team

The kdenetwork packages contain a collection of networking applications for
the K Desktop Environment.

A bug was found in the way kppp handles privileged file descriptors. A
malicious local user could make use of this flaw to modify the /etc/hosts
or /etc/resolv.conf files, which could be used to spoof domain information.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0205 to this issue.

Please note that the default installation of kppp on Red Hat Enterprise
Linux uses consolehelper and is not vulnerable to this issue. However, the
kppp FAQ provides instructions for removing consolehelper and running kppp
suid root, which is a vulnerable configuration.

Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch, and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/i386/kdenetwork-3.1.3-1.8.i386.rpm
Missing file
    MD5: 45731aeaf4549c038bb83fdca74fb4a3
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/i386/kdenetwork-devel-3.1.3-1.8.i386.rpm
Missing file
    MD5: 53b0d4af942642630e09792d653c9db7
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/x86_64/kdenetwork-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: e078407491bbef5814ee0a610859ecc5
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/x86_64/kdenetwork-devel-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: dfa39b122c1ae9352b01962d4f530254
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/2.2.2-3.1/i386/kdenetwork-2.2.2-3.1.i386.rpm
Missing file
    MD5: f77d0b1ec8454d5e9db1ac68075dd40a
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-ppp/2.2.2-3.1/i386/kdenetwork-ppp-2.2.2-3.1.i386.rpm
Missing file
    MD5: e9ad587c10388c19b57de53297a56fc1
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/2.2.2-3.1/ia64/kdenetwork-2.2.2-3.1.ia64.rpm
Missing file
    MD5: ff112935f6c2c6993703ef942bdbce45
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-ppp/2.2.2-3.1/ia64/kdenetwork-ppp-2.2.2-3.1.ia64.rpm
Missing file
    MD5: 6e6f090bf6e50e1357d05744eca2c04a
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/i386/kdenetwork-3.1.3-1.8.i386.rpm
Missing file
    MD5: 45731aeaf4549c038bb83fdca74fb4a3
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/i386/kdenetwork-devel-3.1.3-1.8.i386.rpm
Missing file
    MD5: 53b0d4af942642630e09792d653c9db7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/ia64/kdenetwork-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 7bc73bc084db2416a5a727106088e563
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/ia64/kdenetwork-devel-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 4d1fc33723154ddac7b1621189bdb82f
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/ppc/kdenetwork-3.1.3-1.8.ppc.rpm
Missing file
    MD5: 5a74bdef261122d6d5c2e32dbef559ec
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/ppc/kdenetwork-devel-3.1.3-1.8.ppc.rpm
Missing file
    MD5: c78052b174f31955e99bc415e959398f
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/s390/kdenetwork-3.1.3-1.8.s390.rpm
Missing file
    MD5: 3ab0491c71719fa9da87cd341d6e8486
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/s390/kdenetwork-devel-3.1.3-1.8.s390.rpm
Missing file
    MD5: d4110571eebc4978b073a3652726b763
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/s390x/kdenetwork-3.1.3-1.8.s390x.rpm
Missing file
    MD5: 18cc2a9c00a999b43e652374e7037220
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/s390x/kdenetwork-devel-3.1.3-1.8.s390x.rpm
Missing file
    MD5: 9a67309561e157e455480193f40a0a59
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/x86_64/kdenetwork-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: e078407491bbef5814ee0a610859ecc5
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/x86_64/kdenetwork-devel-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: dfa39b122c1ae9352b01962d4f530254
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/2.2.2-3.1/i386/kdenetwork-2.2.2-3.1.i386.rpm
Missing file
    MD5: f77d0b1ec8454d5e9db1ac68075dd40a
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-ppp/2.2.2-3.1/i386/kdenetwork-ppp-2.2.2-3.1.i386.rpm
Missing file
    MD5: e9ad587c10388c19b57de53297a56fc1
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/i386/kdenetwork-3.1.3-1.8.i386.rpm
Missing file
    MD5: 45731aeaf4549c038bb83fdca74fb4a3
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/i386/kdenetwork-devel-3.1.3-1.8.i386.rpm
Missing file
    MD5: 53b0d4af942642630e09792d653c9db7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/ia64/kdenetwork-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 7bc73bc084db2416a5a727106088e563
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/ia64/kdenetwork-devel-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 4d1fc33723154ddac7b1621189bdb82f
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/x86_64/kdenetwork-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: e078407491bbef5814ee0a610859ecc5
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/x86_64/kdenetwork-devel-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: dfa39b122c1ae9352b01962d4f530254
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/2.2.2-3.1/i386/kdenetwork-2.2.2-3.1.i386.rpm
Missing file
    MD5: f77d0b1ec8454d5e9db1ac68075dd40a
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-ppp/2.2.2-3.1/i386/kdenetwork-ppp-2.2.2-3.1.i386.rpm
Missing file
    MD5: e9ad587c10388c19b57de53297a56fc1
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/i386/kdenetwork-3.1.3-1.8.i386.rpm
Missing file
    MD5: 45731aeaf4549c038bb83fdca74fb4a3
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/i386/kdenetwork-devel-3.1.3-1.8.i386.rpm
Missing file
    MD5: 53b0d4af942642630e09792d653c9db7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/ia64/kdenetwork-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 7bc73bc084db2416a5a727106088e563
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/ia64/kdenetwork-devel-3.1.3-1.8.ia64.rpm
Missing file
    MD5: 4d1fc33723154ddac7b1621189bdb82f
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/3.1.3-1.8/x86_64/kdenetwork-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: e078407491bbef5814ee0a610859ecc5
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-devel/3.1.3-1.8/x86_64/kdenetwork-devel-3.1.3-1.8.x86_64.rpm
Missing file
    MD5: dfa39b122c1ae9352b01962d4f530254
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork/2.2.2-3.1/ia64/kdenetwork-2.2.2-3.1.ia64.rpm
Missing file
    MD5: ff112935f6c2c6993703ef942bdbce45
ftp://updates.redhat.com/rhn/repository/NULL/kdenetwork-ppp/2.2.2-3.1/ia64/kdenetwork-ppp-2.2.2-3.1.ia64.rpm
Missing file
    MD5: 6e6f090bf6e50e1357d05744eca2c04a
 

Bugs fixed (see bugzilla for more information)

148912 - CAN-2005-0205 kppp local domain name hijacking


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/