CVE-2007-4569

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/26894
http://secunia.com/advisories/26904
http://secunia.com/advisories/26915
http://secunia.com/advisories/26929
http://secunia.com/advisories/26977
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27180
http://secunia.com/advisories/27271
http://security.gentoo.org/glsa/glsa-200710-15.xml
http://securitytracker.com/id?1018724
http://www.debian.org/security/2007/dsa-1376
http://www.kde.org/info/security/advisory-20070919-1.txt	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securityfocus.com/bid/25730	Patch
http://www.ubuntu.com/usn/usn-517-1
http://www.vupen.com/english/advisories/2007/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
https://issues.rpath.com/browse/RPL-1725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/26894
http://secunia.com/advisories/26904
http://secunia.com/advisories/26915
http://secunia.com/advisories/26929
http://secunia.com/advisories/26977
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27180
http://secunia.com/advisories/27271
http://security.gentoo.org/glsa/glsa-200710-15.xml
http://securitytracker.com/id?1018724
http://www.debian.org/security/2007/dsa-1376
http://www.kde.org/info/security/advisory-20070919-1.txt	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securityfocus.com/bid/25730	Patch
http://www.ubuntu.com/usn/usn-517-1
http://www.vupen.com/english/advisories/2007/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
https://issues.rpath.com/browse/RPL-1725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:kde:kde:3.3:::::::*
	cpe:2.3:o:kde:kde:3.3.0:::::::*
	cpe:2.3:o:kde:kde:3.3.1:::::::*
	cpe:2.3:o:kde:kde:3.3.2:::::::*
	cpe:2.3:o:kde:kde:3.4:::::::*
	cpe:2.3:o:kde:kde:3.4.0:::::::*
	cpe:2.3:o:kde:kde:3.4.1:::::::*
	cpe:2.3:o:kde:kde:3.4.2:::::::*
	cpe:2.3:o:kde:kde:3.4.3:::::::*
	cpe:2.3:o:kde:kde:3.5:::::::*
	cpe:2.3:o:kde:kde:3.5.0:::::::*
	cpe:2.3:o:kde:kde:3.5.1:::::::*
	cpe:2.3:o:kde:kde:3.5.2:::::::*
	cpe:2.3:o:kde:kde:3.5.3:::::::*
	cpe:2.3:o:kde:kde:3.5.4:::::::*
	cpe:2.3:o:kde:kde:3.5.5:::::::*
	cpe:2.3:o:kde:kde:3.5.6:::::::*
	cpe:2.3:o:kde:kde:3.5.7:::::::*

History

21 Nov 2024, 00:35

Information

Published : 2007-09-21 19:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4569

Mitre link : CVE-2007-4569

CVE.ORG link : CVE-2007-4569

JSON object : View

Products Affected

kde

CWE

CWE-264

Permissions, Privileges, and Access Controls

6.8 /10