
CVE-2006-2449

Status Candidate

Overview

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Related Files

Debian Linux Security Advisory 1156-1
Posted Aug 28, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1156-1 - Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2006-2449
SHA-256 | 7a3174cbb354a44f382da2a695d7fbcbcb184aea1ea2108b8518fe21141298a4

SUSE-SA-2006-039.txt
Posted Jul 9, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:039 - The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink, a local attacker could trick kdm into also storing the content of files that are normally not accessible by users, such as /etc/shadow.

tags | advisory, local
systems | linux, suse
advisories | CVE-2006-2449
SHA-256 | 18340043ef80bb5762d216e41cd983547e930f12912ca8437322bda37790bb3e

Mandriva Linux Security Advisory 2006.106
Posted Jun 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-106 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it. Only Corporate 3 is affected; in Mandriva Linux 2006, mdkkdm is in contribs.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2006-2449
SHA-256 | 12c7d7bbed47598b20f0c3286fc9734495a58d1ab4296976ebdd28d121278ae0

Mandriva Linux Security Advisory 2006.105
Posted Jun 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-105 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2006-2449
SHA-256 | 28f616cfee5724b5d35435ebe771c4ddb1213b6e48e0caf0e8d8919f28e2a9e1

rPSA-2006-0106-1.txt
Posted Jun 26, 2006
Authored by rPath

KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.

tags | advisory, arbitrary
systems | linux
advisories | CVE-2006-2449
SHA-256 | a9c14d06d386e7a6bbe04cd8da68b66cbb0811902c497028d1b9ba9b2e4a088c

Ubuntu Security Notice 301-1
Posted Jun 21, 2006
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice 301-1 - Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2006-2449
SHA-256 | f22160a6ae8a12ea2e032bc8938369ef9366e3a3ba75d416124b6b6945c17e22

KDE Security Advisory 2006-06-14.1
Posted Jun 21, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to and including 3.5.3. KDE 3.1.x and older, and versions newer than KDE 3.5.3, are not affected.

tags | advisory
advisories | CVE-2006-2449
SHA-256 | 493de7dce7242b287dcc692387f2a132843559e38ab67417468d28a46688fab2