CVE-2007-4569

Sažetak

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

Reference

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/26894
http://secunia.com/advisories/26904
http://secunia.com/advisories/26915
http://secunia.com/advisories/26929
http://secunia.com/advisories/26977
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27180
http://secunia.com/advisories/27271
http://security.gentoo.org/glsa/glsa-200710-15.xml
http://securitytracker.com/id?1018724
http://www.debian.org/security/2007/dsa-1376
http://www.kde.org/info/security/advisory-20070919-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securityfocus.com/bid/25730
http://www.ubuntu.com/usn/usn-517-1
http://www.vupen.com/english/advisories/2007/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
https://issues.rpath.com/browse/RPL-1725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:29

Objavljeno

21-09-2007 - 19:17