Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2010:074 | First vendor Publication | 2010-04-15 |
Vendor | Mandriva | Last vendor Modification | 2010-04-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been found and corrected in kdm (kdebase/kdebase4-workspace): KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team (CVE-2010-0436). It is adviced to reboot the computer after applying the updated packages in order to the security fix to take full effect. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:074 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22179 | |||
Oval ID: | oval:org.mitre.oval:def:22179 | ||
Title: | RHSA-2010:0348: kdebase security update (Important) | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0348-01 CESA-2010:0348 CVE-2010-0436 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kdebase |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22459 | |||
Oval ID: | oval:org.mitre.oval:def:22459 | ||
Title: | ELSA-2010:0348: kdebase security update (Important) | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0348-01 CVE-2010-0436 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kdebase |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9999 | |||
Oval ID: | oval:org.mitre.oval:def:9999 | ||
Title: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0436 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Fedora Update for kdebase-workspace FEDORA-2010-8544 File : nvt/gb_fedora_2010_8544_kdebase-workspace_fc12.nasl |
2010-05-28 | Name : Fedora Update for kdebase-workspace FEDORA-2010-8547 File : nvt/gb_fedora_2010_8547_kdebase-workspace_fc11.nasl |
2010-04-29 | Name : Ubuntu Update for kdebase-workspace vulnerability USN-932-1 File : nvt/gb_ubuntu_USN_932_1.nasl |
2010-04-29 | Name : CentOS Update for kdebase CESA-2010:0348 centos4 i386 File : nvt/gb_CESA-2010_0348_kdebase_centos4_i386.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2037-1 (kdm (kdebase)) File : nvt/deb_2037_1.nasl |
2010-04-21 | Name : FreeBSD Ports: kdebase File : nvt/freebsd_kdebase1.nasl |
2010-04-19 | Name : Fedora Update for kdemultimedia FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdemultimedia_fc12.nasl |
2010-04-19 | Name : Fedora Update for PyQt4 FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_PyQt4_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeaccessibility FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeaccessibility_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeadmin FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeadmin_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeartwork FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeartwork_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase-runtime FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase-runtime_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase-workspace FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase-workspace_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebindings FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebindings_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeedu FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeedu_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdegames FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdegames_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdegraphics FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdegraphics_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdelibs_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdenetwork FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdenetwork_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepim-runtime FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepim-runtime_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepim FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepim_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepimlibs FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepimlibs_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeplasma-addons FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeplasma-addons_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdesdk FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdesdk_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdetoys FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdetoys_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeutils FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeutils_fc12.nasl |
2010-04-19 | Name : Fedora Update for konq-plugins FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_konq-plugins_fc12.nasl |
2010-04-19 | Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_oxygen-icon-theme_fc12.nasl |
2010-04-19 | Name : Fedora Update for sip FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_sip_fc12.nasl |
2010-04-19 | Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_oxygen-icon-theme_fc11.nasl |
2010-04-19 | Name : Fedora Update for PyQt4 FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_PyQt4_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeaccessibility FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeaccessibility_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeadmin FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeadmin_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeartwork FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeartwork_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase-runtime FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase-runtime_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase-workspace FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase-workspace_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebindings FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebindings_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeedu FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeedu_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdegames FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdegames_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdegraphics FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdegraphics_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdemultimedia FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdemultimedia_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdenetwork FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdenetwork_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepim-runtime FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepim-runtime_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepim FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepim_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepimlibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepimlibs_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeplasma-addons FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeplasma-addons_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdesdk FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdesdk_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdetoys FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdetoys_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeutils FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeutils_fc11.nasl |
2010-04-19 | Name : Fedora Update for konq-plugins FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_konq-plugins_fc11.nasl |
2010-04-19 | Name : Fedora Update for sip FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_sip_fc11.nasl |
2010-04-16 | Name : RedHat Update for kdebase RHSA-2010:0348-01 File : nvt/gb_RHSA-2010_0348-01_kdebase.nasl |
2010-04-16 | Name : Mandriva Update for kdebase MDVSA-2010:074 (kdebase) File : nvt/gb_mandriva_MDVSA_2010_074.nasl |
2010-02-19 | Name : Mandriva Update for xdg-utils MDVA-2010:074 (xdg-utils) File : nvt/gb_mandriva_MDVA_2010_074.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-110-02 kdebase-workspace File : nvt/esoft_slk_ssa_2010_110_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63814 | KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100414_kdebase_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-02.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fileshareset-6941.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-6077.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-6096.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6605.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-8544.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-8547.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2010-04-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-932-1.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2037.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-074.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_fileshareset-100324.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_fileshareset-100324.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3987c5d147a911dfa0d50016d32f24fb.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fileshareset-6942.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:23 |
|