Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4569
Last Modified 07 Mar 2011 09:58:48
Published 21 Sep 2007 03:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4569

Summary

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

Vulnerable Systems

Operating System

  • KDE 3.3
  • KDE 3.3.0
  • KDE 3.3.1
  • KDE 3.3.2
  • KDE 3.4
  • KDE 3.4.0
  • KDE 3.4.1
  • KDE 3.4.2
  • KDE 3.4.3
  • KDE 3.5
  • KDE 3.5.0
  • KDE 3.5.1
  • KDE 3.5.2
  • KDE 3.5.3
  • KDE 3.5.4
  • KDE 3.5.5
  • KDE 3.5.6
  • KDE 3.5.7


References

BID - 25730

CONFIRM - http://www.kde.org/info/security/advisory-20070919-1.txt

VUPEN - ADV-2007-3227

FEDORA - FEDORA-2007-716

FEDORA - FEDORA-2007-2361

CONFIRM - https://issues.rpath.com/browse/RPL-1725

XF - kde-kdm-login-security-bypass(36711)

UBUNTU - USN-517-1

REDHAT - RHSA-2007:0905

MANDRIVA - MDKSA-2007:190

DEBIAN - DSA-1376

SECTRACK - 1018724

GENTOO - GLSA-200710-15

SECUNIA - 27271

SECUNIA - 27180

SECUNIA - 27106

SECUNIA - 27096

SECUNIA - 27089

SECUNIA - 26977

SECUNIA - 26929

SECUNIA - 26915

SECUNIA - 26904

SECUNIA - 26894

SUSE - SUSE-SR:2007:021


Last Updated: 27 May 2016 10:45:54