Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0
CVE Id CVE-2006-2449
Last Modified 07 Mar 2011 09:36:13
Published 15 Jun 2006 06:02:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-2449

Summary

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Vulnerable Systems

Operating System

  • KDE 3.2
  • KDE 3.2.1
  • KDE 3.2.2
  • KDE 3.2.3
  • KDE 3.3
  • KDE 3.3.1
  • KDE 3.3.2
  • KDE 3.4
  • KDE 3.4.1
  • KDE 3.4.2
  • KDE 3.4.3
  • KDE 3.5
  • KDE 3.5.2
  • KDE 3.5.3


References

UBUNTU - USN-301-1

BUGTRAQ - 20060614 [KDE Security Advisory] KDM symlink attack vulnerability

REDHAT - RHSA-2006:0548

VUPEN - ADV-2006-2355

BID - 18431

BUGTRAQ - 20060615 rPSA-2006-0106-1 kdebase

OSVDB - 26511

SUSE - SUSE-SA:2006:039

CONFIRM - http://www.kde.org/info/security/advisory-20060614-1.txt

GENTOO - GLSA-200606-23

DEBIAN - DSA-1156

SLACKWARE - SSA:2006-178-01

SECTRACK - 1016297

SECUNIA - 21662

SECUNIA - 20890

SECUNIA - 20869

SECUNIA - 20785

SECUNIA - 20702

SECUNIA - 20674

SECUNIA - 20660

SECUNIA - 20602

XF - kde-kdm-symlink(27181)

MANDRIVA - MDKSA-2006:106

MANDRIVA - MDKSA-2006:105


Last Updated: 27 May 2016 10:42:28