Executive Summary
Summary | |
---|---|
Title | kdebase security update |
Information | |||
---|---|---|---|
Name | RHSA-2010:0348 | First vendor Publication | 2010-04-14 |
Vendor | RedHat | Last vendor Modification | 2010-04-14 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Problem Description:

Updated kdebase packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in "/var/run/xdmctl/".

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570613 - CVE-2010-0436 kdm privilege escalation flaw
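The post-reboot cleanup step from the advisory, as an added shell example that is not part of the Red Hat advisory. The function names and the trusted-UID parameter (default 0, root) are assumptions made here; only the "/var/run/xdmctl/" path and the dmctl-* pattern come from the advisory text.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and clean leftover dmctl-*
# directories after the patched kdebase packages are installed and the
# system has been rebooted. Function names are hypothetical.

XDMCTL_DIR="${XDMCTL_DIR:-/var/run/xdmctl}"   # path named in the advisory

# list_leftover_dmctl [dir] [trusted_uid]
# Prints dmctl-* directories directly under dir whose owner is not
# trusted_uid (default 0). Assumes names without embedded newlines.
list_leftover_dmctl() {
    dir="${1:-$XDMCTL_DIR}"
    trusted_uid="${2:-0}"
    [ -d "$dir" ] || return 0
    # find without -L does not follow symlinks, so -type d never matches
    # a link that merely points at a directory elsewhere.
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -uid "$trusted_uid" -print | sort
}

# remove_leftover_dmctl [dir] [trusted_uid]
# Records numeric owner and mode of each leftover directory, then removes it.
remove_leftover_dmctl() {
    list_leftover_dmctl "$@" | while IFS= read -r d; do
        ls -ldn -- "$d"
        rm -rf -- "$d"
    done
}

# Stand-alone run: list only; removal is a separate, deliberate call.
list_leftover_dmctl "$@"
```

Review the listing first, then call `remove_leftover_dmctl` as root once the entries are confirmed to be leftovers.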
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0348.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22179 | |||
Oval ID: | oval:org.mitre.oval:def:22179 | ||
Title: | RHSA-2010:0348: kdebase security update (Important) | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0348-01 CESA-2010:0348 CVE-2010-0436 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kdebase |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22459 | |||
Oval ID: | oval:org.mitre.oval:def:22459 | ||
Title: | ELSA-2010:0348: kdebase security update (Important) | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0348-01 CVE-2010-0436 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kdebase |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9999 | |||
Oval ID: | oval:org.mitre.oval:def:9999 | ||
Title: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Description: | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0436 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Fedora Update for kdebase-workspace FEDORA-2010-8544 File : nvt/gb_fedora_2010_8544_kdebase-workspace_fc12.nasl |
2010-05-28 | Name : Fedora Update for kdebase-workspace FEDORA-2010-8547 File : nvt/gb_fedora_2010_8547_kdebase-workspace_fc11.nasl |
2010-04-29 | Name : Ubuntu Update for kdebase-workspace vulnerability USN-932-1 File : nvt/gb_ubuntu_USN_932_1.nasl |
2010-04-29 | Name : CentOS Update for kdebase CESA-2010:0348 centos4 i386 File : nvt/gb_CESA-2010_0348_kdebase_centos4_i386.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2037-1 (kdm (kdebase)) File : nvt/deb_2037_1.nasl |
2010-04-21 | Name : FreeBSD Ports: kdebase File : nvt/freebsd_kdebase1.nasl |
2010-04-19 | Name : Fedora Update for kdemultimedia FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdemultimedia_fc12.nasl |
2010-04-19 | Name : Fedora Update for PyQt4 FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_PyQt4_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeaccessibility FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeaccessibility_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeadmin FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeadmin_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeartwork FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeartwork_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase-runtime FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase-runtime_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase-workspace FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase-workspace_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebase FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebase_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdebindings FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdebindings_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeedu FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeedu_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdegames FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdegames_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdegraphics FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdegraphics_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdelibs_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdenetwork FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdenetwork_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepim-runtime FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepim-runtime_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepim FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepim_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdepimlibs FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdepimlibs_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeplasma-addons FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeplasma-addons_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdesdk FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdesdk_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdetoys FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdetoys_fc12.nasl |
2010-04-19 | Name : Fedora Update for kdeutils FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_kdeutils_fc12.nasl |
2010-04-19 | Name : Fedora Update for konq-plugins FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_konq-plugins_fc12.nasl |
2010-04-19 | Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_oxygen-icon-theme_fc12.nasl |
2010-04-19 | Name : Fedora Update for sip FEDORA-2010-6096 File : nvt/gb_fedora_2010_6096_sip_fc12.nasl |
2010-04-19 | Name : Fedora Update for oxygen-icon-theme FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_oxygen-icon-theme_fc11.nasl |
2010-04-19 | Name : Fedora Update for PyQt4 FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_PyQt4_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeaccessibility FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeaccessibility_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeadmin FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeadmin_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeartwork FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeartwork_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase-runtime FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase-runtime_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase-workspace FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase-workspace_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebase FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebase_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdebindings FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdebindings_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeedu FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeedu_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdegames FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdegames_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdegraphics FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdegraphics_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdemultimedia FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdemultimedia_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdenetwork FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdenetwork_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepim-runtime FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepim-runtime_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepim FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepim_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdepimlibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdepimlibs_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeplasma-addons FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeplasma-addons_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdesdk FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdesdk_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdetoys FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdetoys_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdeutils FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdeutils_fc11.nasl |
2010-04-19 | Name : Fedora Update for konq-plugins FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_konq-plugins_fc11.nasl |
2010-04-19 | Name : Fedora Update for sip FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_sip_fc11.nasl |
2010-04-16 | Name : RedHat Update for kdebase RHSA-2010:0348-01 File : nvt/gb_RHSA-2010_0348-01_kdebase.nasl |
2010-04-16 | Name : Mandriva Update for kdebase MDVSA-2010:074 (kdebase) File : nvt/gb_mandriva_MDVSA_2010_074.nasl |
2010-02-19 | Name : Mandriva Update for xdg-utils MDVA-2010:074 (xdg-utils) File : nvt/gb_mandriva_MDVA_2010_074.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-110-02 kdebase-workspace File : nvt/esoft_slk_ssa_2010_110_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63814 | KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100414_kdebase_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-02.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fileshareset-6941.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-6077.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-6096.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6605.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-8544.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-8547.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0348.nasl - Type : ACT_GATHER_INFO |
2010-04-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-932-1.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2037.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-074.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_fileshareset-100324.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_fileshareset-100324.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kde4-kdm-100315.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3987c5d147a911dfa0d50016d32f24fb.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_fileshareset-6942.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:53:27 |