Bug 1090863 (CVE-2018-10380.)

Summary: VUL-0: CVE-2018-10380: pam_kwallet: Local root vulnerability
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, astieger, fvogt, matthias.gerstner, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://www.kde.org/info/security/advisory-20180503-1.txt
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Matthias Gerstner 2018-04-25 09:52:27 UTC 
The AUDIT bug for the module is bug 993806.
Comment 3 Swamp Workflow Management 2018-05-03 15:30:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1090863) was mentioned in
https://build.opensuse.org/request/show/603704 42.3 / pam_kwallet
https://build.opensuse.org/request/show/603705 Factory / pam_kwallet
https://build.opensuse.org/request/show/603707 15.0 / pam_kwallet
Comment 4 Fabian Vogt 2018-05-03 15:41:40 UTC 
Advisory and patches are public.
Comment 5 Fabian Vogt 2018-05-03 15:41:57 UTC 
Submitted to 42.3, landed in TW.
Comment 6 Alexander Bergmann 2018-05-03 15:52:03 UTC 
https://www.kde.org/info/security/advisory-20180503-1.txt

KDE Project Security Advisory
=============================

Title:          kwallet-pam: Access to privileged files
Risk Rating:    High
CVE:            CVE-2018-10380
Versions:       Plasma < 5.12.6
Date:           4 May 2018


Overview
========
kwallet-pam was doing file writing and permission changing
as root that with correct timing and use of carefully
crafted symbolic links could allow a non privileged user
to become the owner of any file on the system.

Workaround
==========
None (other than not using kwallet-pam)

Solution
========
Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

Or apply the following patches:
Plasma 5.12
    https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
    https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

Plasma 5.8
    https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
    https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b


Credits
=======
Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.
Comment 7 Swamp Workflow Management 2018-05-04 22:07:50 UTC 
openSUSE-SU-2018:1149-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1090863
CVE References: CVE-2018-10380
Sources used:
openSUSE Leap 42.3 (src):    pam_kwallet-5.7.1-4.3.1