LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kdm: privilege escalation

Package(s):kdebase3 kde4-kdm CVE #(s):CVE-2010-0436
Created:April 14, 2010 Updated:June 1, 2010
Description: From the KDE advisory:

KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team.

Alerts:
CentOS CESA-2010:0348 2010-06-01
CentOS CESA-2010:0348 2010-06-01
Slackware SSA:2010-110-02 2010-04-21
CentOS CESA-2010:0348 2010-04-20
Ubuntu USN-932-1 2010-04-19
Pardus 2010-50 2010-04-20
Debian DSA-2037-1 2010-04-17
Fedora FEDORA-2010-6077 2010-04-09
Fedora FEDORA-2010-6096 2010-04-09
Mandriva MDVSA-2010:074 2010-04-15
Red Hat RHSA-2010:0348-01 2010-04-14
SuSE SUSE-SR:2010:009 2010-04-14
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds