Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0548
HistoryJun 15, 2006 - 11:14 a.m.

kdebase security update

2006-06-1511:14:13
CentOS Project
lists.centos.org
45

4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

26.5%

JSON

CentOS Errata and Security Advisory CESA-2006:0548

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could
use a symlink attack to read an arbitrary file that they would not normally
have permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat
Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-June/075130.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075131.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075137.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075138.html
https://lists.centos.org/pipermail/centos-announce/2006-June/075139.html

Affected packages:
kdebase
kdebase-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0548

Related

nessus 11
openvas 6
securityvulns 1
prion 1
slackware 2
nvd 1
cve 1
gentoo 1
redhat 1
debian 1
ubuntucve 1
suse 1
ubuntu 1
cvelist 1
nessus
nessus
Mandrake Linux Security Advisory : kdebase (MDKSA-2006:105)
2006-06-16 00:00:00
SUSE-SA:2006:039: kdebase3-kdm
2007-02-18 00:00:00
CentOS 4 : kdebase (CESA-2006:0548)
2006-07-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200606-23 (kdebase, KDM)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1156)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200606-23 (kdebase, KDM)
2008-09-24 00:00:00
securityvulns
securityvulns
[USN-301-1] kdm vulnerability
2006-06-15 00:00:00
prion
prion
Sql injection
2006-06-15 10:02:00
slackware
slackware
SSA-2006-0628032502
2006-06-28 03:25:02
kdebase kdm local file reading vulnerability
2006-06-27 20:25:02
nvd
nvd
CVE-2006-2449
2006-06-15 10:02:00
cve
cve
CVE-2006-2449
2006-06-15 10:02:00
gentoo
gentoo
KDM: Symlink vulnerability
2006-06-22 00:00:00
redhat
redhat
(RHSA-2006:0548) kdebase security update
2006-06-14 00:00:00
debian
debian
[SECURITY] [DSA 1156-1] New kdebase packages fix information disclosure
2006-08-27 18:44:39
ubuntucve
ubuntucve
CVE-2006-2449
2006-06-15 00:00:00
suse
suse
local privilege escalation in kdebase3-kdm
2006-07-03 13:56:20
ubuntu
ubuntu
kdm vulnerability
2006-06-15 00:00:00
cvelist
cvelist
CVE-2006-2449
2006-06-15 10:00:00

4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

26.5%

JSON
Related for CESA-2006:0548
nessus11openvas6securityvulns1prion1slackware2nvd1cve1gentoo1redhat1debian1ubuntucve1suse1ubuntu1cvelist1