Subject: [email@example.com: ISSalert: ISS Security Advisory: KDE K-Mail File Creation Vulnerability]
To: None <firstname.lastname@example.org>
From: Mason Loring Bliss <email@example.com>
Date: 06/09/1999 16:35:55
----- Forwarded message from X-Force <firstname.lastname@example.org> -----
Date: Wed, 9 Jun 1999 16:16:41 -0400 (EDT)
From: X-Force <email@example.com>
Subject: ISSalert: ISS Security Advisory: KDE K-Mail File Creation Vulnerability
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
firstname.lastname@example.org Contact email@example.com for help with any problems!
-----BEGIN PGP SIGNED MESSAGE-----
ISS Security Advisory
June 9, 1999
KDE K-Mail File Creation Vulnerability
Internet Security Systems (ISS) X-Force has discovered a vulnerability in
KDE's K-Mail mail user agent software. KDE is a very popular window manager
available for most Unix platforms, and provides an easy-to-use interface and
a number of graphical front ends to common command-line Unix applications.
K-Mail contains a vulnerability that may allow local attackers to compromise
the UID of whoever is running K-Mail. The mail client creates insecure
temporary directories that are used to store MIME encoded files.
ISS X-Force has confirmed that this vulnerability exists on version 1.1 of
KDE window management software.
To determine if you are vulnerable, run the KDE Control Center application
and see if the version of KDE reported is 1.1 or earlier.
When K-Mail receives an e-mail with attachments, it creates a directory to
store the attachments. K-Mail does not verify that the directory already
exists, and is willing to follow symbolic links, allowing local attackers to
create files with the contents they choose in any directory writable by the
user executing K-Mail. If K-Mail is run as root, unauthorized superuser
access may be obtained.
KDE has a patch that addresses this vulnerability. It can be retrieved at:
Information in this advisory was obtained by the research of Brian Mitchell
firstname.lastname@example.org. ISS X-Force would like to thank Stefan Taferner, Markus
Wuebben, and the entire KDE organization for their rapid response to this
Copyright (c) 1999 by Internet Security Systems, Inc. Permission is
hereby granted for the electronic redistribution of this Security Alert.
It is not to be edited in any way without express consent of the X-Force.
If you wish to reprint the whole or any part of this Alert Summary in any
other medium excluding electronic medium, please e-mail email@example.com for
ISS is the pioneer and leading provider of adaptive network security
software delivering enterprise-wide information protection solutions. ISS'
award-winning SAFEsuite family of products enables information risk
management within intranet, extranet and electronic commerce environments.
By combining proactive vulnerability detection with real-time intrusion
detection and response, ISS' adaptive security approach creates a flexible
cycle of continuous security improvement, including security policy
implementation and enforcement. ISS SAFEsuite solutions strengthen the
security of existing systems and have dramatically improved the security
posture for organizations worldwide, making ISS a trusted security advisor
for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks
and over 35 governmental agencies. For more information, call ISS at
678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net.
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force <firstname.lastname@example.org> of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mason Loring Bliss email@example.com They also surf who
awake ? sleep : dream; http://acheron.ne.mediaone.net only stand on waves.