CVE-2006-2449

Status Candidate

Overview

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Related Files

Debian Linux Security Advisory 1156-1
Posted Aug 28, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1156-1 - Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2006-2449
SHA-256 | 7a3174cbb354a44f382da2a695d7fbcbcb184aea1ea2108b8518fe21141298a4

SUSE-SA-2006-039.txt
Posted Jul 9, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:039 - The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.

tags | advisory, local
systems | linux, suse
advisories | CVE-2006-2449
SHA-256 | 18340043ef80bb5762d216e41cd983547e930f12912ca8437322bda37790bb3e

Mandriva Linux Security Advisory 2006.106
Posted Jun 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-106 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it. Only Corporate 3 is affected; in Mandriva Linux 2006, mdkkdm is in contribs.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2006-2449
SHA-256 | 12c7d7bbed47598b20f0c3286fc9734495a58d1ab4296976ebdd28d121278ae0

Mandriva Linux Security Advisory 2006.105
Posted Jun 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-105 - A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2006-2449
SHA-256 | 28f616cfee5724b5d35435ebe771c4ddb1213b6e48e0caf0e8d8919f28e2a9e1

rPSA-2006-0106-1.txt
Posted Jun 26, 2006
Authored by rPath

KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.

tags | advisory, arbitrary
systems | linux
advisories | CVE-2006-2449
SHA-256 | a9c14d06d386e7a6bbe04cd8da68b66cbb0811902c497028d1b9ba9b2e4a088c

Ubuntu Security Notice 301-1
Posted Jun 21, 2006
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice 301-1 - Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2006-2449
SHA-256 | f22160a6ae8a12ea2e032bc8938369ef9366e3a3ba75d416124b6b6945c17e22

KDE Security Advisory 2006-06-14.1
Posted Jun 21, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. Affected is KDM as shipped with KDE 3.2.0 up to and including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected.

tags | advisory
advisories | CVE-2006-2449
SHA-256 | 493de7dce7242b287dcc692387f2a132843559e38ab67417468d28a46688fab2
© 2022 Packet Storm. All rights reserved.
