Bug 1090863 (CVE-2018-10380.) - VUL-0: CVE-2018-10380: pam_kwallet: Local root vulnerability
Summary: VUL-0: CVE-2018-10380: pam_kwallet: Local root vulnerability
Status: RESOLVED FIXED
Alias: CVE-2018-10380.
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://www.kde.org/info/security/adv...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-25 09:44 UTC by Karol Babioch
Modified: 2018-05-07 14:47 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Matthias Gerstner 2018-04-25 09:52:27 UTC
The AUDIT bug for the module is bug 993806.
Comment 3 Swamp Workflow Management 2018-05-03 15:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1090863) was mentioned in
https://build.opensuse.org/request/show/603704 42.3 / pam_kwallet
https://build.opensuse.org/request/show/603705 Factory / pam_kwallet
https://build.opensuse.org/request/show/603707 15.0 / pam_kwallet
Comment 4 Fabian Vogt 2018-05-03 15:41:40 UTC
Advisory and patches are public.
Comment 5 Fabian Vogt 2018-05-03 15:41:57 UTC
Submitted to 42.3, landed in TW.
Comment 6 Alexander Bergmann 2018-05-03 15:52:03 UTC
https://www.kde.org/info/security/advisory-20180503-1.txt

KDE Project Security Advisory
=============================

Title:          kwallet-pam: Access to privileged files
Risk Rating:    High
CVE:            CVE-2018-10380
Versions:       Plasma < 5.12.6
Date:           4 May 2018


Overview
========
kwallet-pam was doing file writing and permission changing
as root that with correct timing and use of carefully
crafted symbolic links could allow a non privileged user
to become the owner of any file on the system.

Workaround
==========
None (other than not using kwallet-pam)

Solution
========
Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

Or apply the following patches:
Plasma 5.12
    https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
    https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

Plasma 5.8
    https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
    https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b


Credits
=======
Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.
Comment 7 Swamp Workflow Management 2018-05-04 22:07:50 UTC
openSUSE-SU-2018:1149-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1090863
CVE References: CVE-2018-10380
Sources used:
openSUSE Leap 42.3 (src):    pam_kwallet-5.7.1-4.3.1