Debian Security Advisory 1156-1 - Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
SUSE Security Announcement SUSE-SA:2006:039 - The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.
Mandriva Linux Security Advisory MDKSA-2006-106 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it. Only Corporate 3 is affected; in Mandriva Linux 2006, mdkkdm is in contribs.
Mandriva Linux Security Advisory MDKSA-2006-105 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users.
KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.
Ubuntu Security Notice 301-1 - Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.
KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to and including 3.5.3. KDE 3.1.x and older, and versions newer than KDE 3.5.3, are not affected.