Dirk Mueller <mueller-AT-kde.org>
kde-announce-AT-kde.org
[kde-announce] KDE Security Advisory: KDM Local Privilege Escalation Vulnerability
Tue, 13 Apr 2010 17:16:17 +0200
KDE Security Advisory: KDM Local Privilege Escalation Vulnerability
Original Release Date: 2010-04-13
1. Systems affected:

KDM as shipped with KDE SC 2.2.0 up to and including KDE SC 4.4.2

KDM contains a race condition that allows local attackers to
make arbitrary files on the system world-writable. This can
happen while KDM tries to create its control socket during
user login. This vulnerability was discovered by
Sebastian Krahmer from the SUSE Security Team.

A local attacker with a valid local account can under
certain circumstances make use of this vulnerability to
execute arbitrary code as root.

Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.

A patch for KDE 4.3.x-4.4.x is available from