[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-announce
Subject: [kde-announce] KDE Security Advisory: KDM Local Privilege
From: Dirk Mueller <mueller () kde ! org>
Date: 2010-04-13 15:16:17
Message-ID: 201004131716.17908.mueller () kde ! org
[Download RAW message or body]
KDE Security Advisory: KDM Local Privilege Escalation Vulnerability
Original Release Date: 2010-04-13
URL: http://www.kde.org/info/security/advisory-20100413-1.txt
0. References
CVE-2010-0436
1. Systems affected:
KDM as shipped with KDE SC 2.2.0 up to including KDE SC 4.4.2
2. Overview:
KDM contains a race condition that allows local attackers to
make arbitrary files on the system world-writeable. This can
happen while KDM tries to create its control socket during
user login. This vulnerability has been discovered by
Sebastian Krahmer from the SUSE Security Team.
3. Impact:
A local attacker with a valid local account can under
certain circumstances make use of this vulnerability to
execute arbitrary code as root.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
A patch for KDE 4.3.x-4.4.x is available from
ftp://ftp.kde.org/pub/kde/security_patches :
68c1dfe76e80812e5e049bb599b3374e kdebase-workspace-4.3.5-
CVE-2010-0436.diff
_______________________________________________
kde-announce mailing list
kde-announce@kde.org
https://mail.kde.org/mailman/listinfo/kde-announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic