|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-23] KDM: Symlink vulnerability Vulnerability Scan
Vulnerability Scan Summary KDM: Symlink vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-23
(KDM: Symlink vulnerability)
Ludwig Nussel discovered that KDM could be tricked into allowing users
to read files that would otherwise not be readable.
Impact
A local attacker could exploit this issue to obtain potentially
sensitive information that is usually not accessable to the local user
such as shadow files or other user's files. The default Gentoo user
running KDM is root and, as a result, the local attacker can read any
file.
Workaround
There is no known workaround at this time.
References:
http://www.kde.org/info/security/advisory-20060614-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
Solution:
All kdebase users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdebase
All KDE split ebuild users should upgrade to the latest KDM version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdm
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|