Executive Summary

Informations
Name CVE-2010-0436 First vendor Publication 2010-04-15
Vendor Cve Last vendor Modification 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0436

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12696
 
Oval ID: oval:org.mitre.oval:def:12696
Title: USN-932-1 -- kdebase-workspace vulnerability
Description: Sebastian Krahmer discovered a race condition in the KDE Display Manager . A local attacker could exploit this to change the permissions on arbitrary files, thus allowing privilege escalation.
Family: unix Class: patch
Reference(s): USN-932-1
CVE-2010-0436
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): kdebase-workspace
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13465
 
Oval ID: oval:org.mitre.oval:def:13465
Title: DSA-2037-1 kdm (kdebase) -- race condition
Description: Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment’s KDM display manager, allow a local user to elevate privileges to root. For the stable distribution, this problem has been fixed in version 4:3.5.9.dfsg.1-6+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your kdm package.
Family: unix Class: patch
Reference(s): DSA-2037-1
CVE-2010-0436
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdm (kdebase)
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22179
 
Oval ID: oval:org.mitre.oval:def:22179
Title: RHSA-2010:0348: kdebase security update (Important)
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: patch
Reference(s): RHSA-2010:0348-01
CESA-2010:0348
CVE-2010-0436
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22459
 
Oval ID: oval:org.mitre.oval:def:22459
Title: ELSA-2010:0348: kdebase security update (Important)
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: patch
Reference(s): ELSA-2010:0348-01
CVE-2010-0436
Version: 6
Platform(s): Oracle Linux 5
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7518
 
Oval ID: oval:org.mitre.oval:def:7518
Title: DSA-2037 kdebase -- race condition
Description: Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges to root.
Family: unix Class: patch
Reference(s): DSA-2037
CVE-2010-0436
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9999
 
Oval ID: oval:org.mitre.oval:def:9999
Title: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0436
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 11

OpenVAS Exploits

Date Description
2010-05-28 Name : Fedora Update for kdebase-workspace FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdebase-workspace_fc12.nasl
2010-05-28 Name : Fedora Update for kdebase-workspace FEDORA-2010-8547
File : nvt/gb_fedora_2010_8547_kdebase-workspace_fc11.nasl
2010-04-29 Name : Ubuntu Update for kdebase-workspace vulnerability USN-932-1
File : nvt/gb_ubuntu_USN_932_1.nasl
2010-04-29 Name : CentOS Update for kdebase CESA-2010:0348 centos4 i386
File : nvt/gb_CESA-2010_0348_kdebase_centos4_i386.nasl
2010-04-21 Name : Debian Security Advisory DSA 2037-1 (kdm (kdebase))
File : nvt/deb_2037_1.nasl
2010-04-21 Name : FreeBSD Ports: kdebase
File : nvt/freebsd_kdebase1.nasl
2010-04-19 Name : Fedora Update for kdemultimedia FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdemultimedia_fc12.nasl
2010-04-19 Name : Fedora Update for PyQt4 FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_PyQt4_fc12.nasl
2010-04-19 Name : Fedora Update for kdeaccessibility FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeaccessibility_fc12.nasl
2010-04-19 Name : Fedora Update for kdeadmin FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeadmin_fc12.nasl
2010-04-19 Name : Fedora Update for kdeartwork FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeartwork_fc12.nasl
2010-04-19 Name : Fedora Update for kdebase-runtime FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdebase-runtime_fc12.nasl
2010-04-19 Name : Fedora Update for kdebase-workspace FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdebase-workspace_fc12.nasl
2010-04-19 Name : Fedora Update for kdebase FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdebase_fc12.nasl
2010-04-19 Name : Fedora Update for kdebindings FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdebindings_fc12.nasl
2010-04-19 Name : Fedora Update for kdeedu FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeedu_fc12.nasl
2010-04-19 Name : Fedora Update for kdegames FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdegames_fc12.nasl
2010-04-19 Name : Fedora Update for kdegraphics FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdegraphics_fc12.nasl
2010-04-19 Name : Fedora Update for kdelibs FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdelibs_fc12.nasl
2010-04-19 Name : Fedora Update for kdenetwork FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdenetwork_fc12.nasl
2010-04-19 Name : Fedora Update for kdepim-runtime FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdepim-runtime_fc12.nasl
2010-04-19 Name : Fedora Update for kdepim FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdepim_fc12.nasl
2010-04-19 Name : Fedora Update for kdepimlibs FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdepimlibs_fc12.nasl
2010-04-19 Name : Fedora Update for kdeplasma-addons FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeplasma-addons_fc12.nasl
2010-04-19 Name : Fedora Update for kdesdk FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdesdk_fc12.nasl
2010-04-19 Name : Fedora Update for kdetoys FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdetoys_fc12.nasl
2010-04-19 Name : Fedora Update for kdeutils FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_kdeutils_fc12.nasl
2010-04-19 Name : Fedora Update for konq-plugins FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_konq-plugins_fc12.nasl
2010-04-19 Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_oxygen-icon-theme_fc12.nasl
2010-04-19 Name : Fedora Update for sip FEDORA-2010-6096
File : nvt/gb_fedora_2010_6096_sip_fc12.nasl
2010-04-19 Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_oxygen-icon-theme_fc11.nasl
2010-04-19 Name : Fedora Update for PyQt4 FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_PyQt4_fc11.nasl
2010-04-19 Name : Fedora Update for kdeaccessibility FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeaccessibility_fc11.nasl
2010-04-19 Name : Fedora Update for kdeadmin FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeadmin_fc11.nasl
2010-04-19 Name : Fedora Update for kdeartwork FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeartwork_fc11.nasl
2010-04-19 Name : Fedora Update for kdebase-runtime FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdebase-runtime_fc11.nasl
2010-04-19 Name : Fedora Update for kdebase-workspace FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdebase-workspace_fc11.nasl
2010-04-19 Name : Fedora Update for kdebase FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdebase_fc11.nasl
2010-04-19 Name : Fedora Update for kdebindings FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdebindings_fc11.nasl
2010-04-19 Name : Fedora Update for kdeedu FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeedu_fc11.nasl
2010-04-19 Name : Fedora Update for kdegames FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdegames_fc11.nasl
2010-04-19 Name : Fedora Update for kdegraphics FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdegraphics_fc11.nasl
2010-04-19 Name : Fedora Update for kdelibs FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl
2010-04-19 Name : Fedora Update for kdemultimedia FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdemultimedia_fc11.nasl
2010-04-19 Name : Fedora Update for kdenetwork FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdenetwork_fc11.nasl
2010-04-19 Name : Fedora Update for kdepim-runtime FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdepim-runtime_fc11.nasl
2010-04-19 Name : Fedora Update for kdepim FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdepim_fc11.nasl
2010-04-19 Name : Fedora Update for kdepimlibs FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdepimlibs_fc11.nasl
2010-04-19 Name : Fedora Update for kdeplasma-addons FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeplasma-addons_fc11.nasl
2010-04-19 Name : Fedora Update for kdesdk FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdesdk_fc11.nasl
2010-04-19 Name : Fedora Update for kdetoys FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdetoys_fc11.nasl
2010-04-19 Name : Fedora Update for kdeutils FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdeutils_fc11.nasl
2010-04-19 Name : Fedora Update for konq-plugins FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_konq-plugins_fc11.nasl
2010-04-19 Name : Fedora Update for sip FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_sip_fc11.nasl
2010-04-16 Name : RedHat Update for kdebase RHSA-2010:0348-01
File : nvt/gb_RHSA-2010_0348-01_kdebase.nasl
2010-04-16 Name : Mandriva Update for kdebase MDVSA-2010:074 (kdebase)
File : nvt/gb_mandriva_MDVSA_2010_074.nasl
2010-02-19 Name : Mandriva Update for xdg-utils MDVA-2010:074 (xdg-utils)
File : nvt/gb_mandriva_MDVA_2010_074.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-110-02 kdebase-workspace
File : nvt/esoft_slk_ssa_2010_110_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63814 KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0348.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100414_kdebase_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-110-02.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_fileshareset-6941.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-6077.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-6096.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6605.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-8544.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-8547.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO
2010-04-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO
2010-04-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-932-1.nasl - Type : ACT_GATHER_INFO
2010-04-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2037.nasl - Type : ACT_GATHER_INFO
2010-04-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-074.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_fileshareset-100324.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_fileshareset-100324.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3987c5d147a911dfa0d50016d32f24fb.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_fileshareset-6942.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/39467
CONFIRM ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0...
http://www.kde.org/info/security/advisory-20100413-1.txt
https://bugzilla.redhat.com/show_bug.cgi?id=570613
DEBIAN http://www.debian.org/security/2010/dsa-2037
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2010-0348.html
SECUNIA http://secunia.com/advisories/39419
http://secunia.com/advisories/39481
http://secunia.com/advisories/39506
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
VUPEN http://www.vupen.com/english/advisories/2010/0879
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/57823

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 00:25:14
  • Multiple Updates
2017-09-19 09:23:38
  • Multiple Updates
2017-08-17 09:22:55
  • Multiple Updates
2016-04-26 19:33:41
  • Multiple Updates
2014-12-16 13:24:34
  • Multiple Updates
2014-02-17 10:53:43
  • Multiple Updates
2013-05-10 23:17:34
  • Multiple Updates