OSVDB ID: 26511

Title: KDE KDM Login Session Type Symlink Arbitrary File Read

Info

Disclosure: Jun 14, 2006
Discovery: Unknown

Dates

Exploit: Jun 14, 2006
Solution: Unknown

Description

KDM contains a flaw that may allow a malicious local user to read any file on the system. The issue is due to the 'ReadDmrc()' function reading temporary files insecurely. A user can mount a symlink-style attack to read arbitrary files, resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, KDE Project has released a patch to address this vulnerability.

Products

KDE Project

KDM

3.5.3

References

Credit

  • Ludwig Nussel - ludwig.nussel [at] suse.de


Direct URL: http://osvdb.org/36218