CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
74.3%
KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package.
Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured for at least one user and a password is required to shut down the machine.
A local attacker could gain root privileges and execute arbitrary commands by logging in as root without specifying root’s password.
There is no known workaround at this time.
All KDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdm-3.5.7-r2"
All kdebase users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.5.7-r4"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | kde-base/kdm | < 3.5.7-r2 | UNKNOWN |
Gentoo | any | all | kde-base/kdebase | < 3.5.7-r4 | UNKNOWN |