|
Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:039: kdebase3-kdm Vulnerability Scan
Vulnerability Scan Summary Check for the version of the kdebase3-kdm package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:039 (kdebase3-kdm).
The KDE Display Manager KDM stores the type of the previously used
session in the user's home directory.
By using a symlink a local attacker could trick kdm into also storing
content of files that are normally not accessible by users, like for
instance /etc/shadow.
This problem is tracked by Mitre CVE ID CVE-2006-2449 and was
found by Ludwig Nussel of the SUSE Security Team.
Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_39_kdm.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|