ID CVE-2006-2449
Summary KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.2
    cpe:2.3:o:kde:kde:3.2
  • cpe:2.3:o:kde:kde:3.2.1
    cpe:2.3:o:kde:kde:3.2.1
  • cpe:2.3:o:kde:kde:3.2.2
    cpe:2.3:o:kde:kde:3.2.2
  • cpe:2.3:o:kde:kde:3.2.3
    cpe:2.3:o:kde:kde:3.2.3
  • cpe:2.3:o:kde:kde:3.3
    cpe:2.3:o:kde:kde:3.3
  • cpe:2.3:o:kde:kde:3.3.1
    cpe:2.3:o:kde:kde:3.3.1
  • cpe:2.3:o:kde:kde:3.3.2
    cpe:2.3:o:kde:kde:3.3.2
  • cpe:2.3:o:kde:kde:3.4
    cpe:2.3:o:kde:kde:3.4
  • cpe:2.3:o:kde:kde:3.4.1
    cpe:2.3:o:kde:kde:3.4.1
  • cpe:2.3:o:kde:kde:3.4.2
    cpe:2.3:o:kde:kde:3.4.2
  • cpe:2.3:o:kde:kde:3.4.3
    cpe:2.3:o:kde:kde:3.4.3
  • cpe:2.3:o:kde:kde:3.5
    cpe:2.3:o:kde:kde:3.5
  • cpe:2.3:o:kde:kde:3.5.2
    cpe:2.3:o:kde:kde:3.5.2
  • cpe:2.3:o:kde:kde:3.5.3
    cpe:2.3:o:kde:kde:3.5.3
CVSS
Base: 4.0 (as of 15-06-2006 - 09:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-23 (KDM: Symlink vulnerability) Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be readable. Impact : A local attacker could exploit this issue to obtain potentially sensitive information that is usually not accessable to the local user such as shadow files or other user's files. The default Gentoo user running KDM is root and, as a result, the local attacker can read any file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 21743
    published 2006-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21743
    title GLSA-200606-23 : KDM: Symlink vulnerability
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0548.NASL
    description Updated kdebase packages that correct a security flaw in kdm are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include the KDE Display Manager (KDM). Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could use a symlink attack to read an arbitrary file that they would not normally have permissions to read. (CVE-2006-2449) Note: this issue does not affect the version of KDM as shipped with Red Hat Enterprise Linux 2.1 or 3. All users of KDM should upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22002
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22002
    title CentOS 4 : kdebase (CESA-2006:0548)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-178-01.NASL
    description New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-1.txt
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 21765
    published 2006-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21765
    title Slackware 10.0 / 10.1 / 10.2 / current : kdebase kdm local file reading vulnerability (SSA:2006-178-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KDEBASE3-KDM-1609.NASL
    description KDM stores the type of the previously used session in the user's home directory. By using a symlink users could trick kdm into also storing content of files that are normally not accesible by users (CVE-2006-2449).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27285
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27285
    title openSUSE 10 Security Update : kdebase3-kdm (kdebase3-kdm-1609)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-301-1.NASL
    description Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27876
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27876
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : kdebase vulnerability (USN-301-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1156.NASL
    description Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22698
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22698
    title Debian DSA-1156-1 : kdebase - programming error
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0548.NASL
    description Updated kdebase packages that correct a security flaw in kdm are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include the KDE Display Manager (KDM). Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could use a symlink attack to read an arbitrary file that they would not normally have permissions to read. (CVE-2006-2449) Note: this issue does not affect the version of KDM as shipped with Red Hat Enterprise Linux 2.1 or 3. All users of KDM should upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 21722
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21722
    title RHEL 4 : kdebase (RHSA-2006:0548)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-105.NASL
    description A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21720
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21720
    title Mandrake Linux Security Advisory : kdebase (MDKSA-2006:105)
oval via4
accepted 2013-04-29T04:22:43.477-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
family unix
id oval:org.mitre.oval:def:9844
status accepted
submitted 2010-07-09T03:56:16-04:00
title KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
version 23
redhat via4
advisories
bugzilla
id 194581
title CVE-2006-2449 kdm file disclosure
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0548
released 2006-06-14
severity Important
title RHSA-2006:0548: kdebase security update (Important)
refmap via4
bid 18431
bugtraq
  • 20060614 [KDE Security Advisory] KDM symlink attack vulnerability
  • 20060615 rPSA-2006-0106-1 kdebase
confirm http://www.kde.org/info/security/advisory-20060614-1.txt
debian DSA-1156
gentoo GLSA-200606-23
mandriva
  • MDKSA-2006:105
  • MDKSA-2006:106
osvdb 26511
sectrack 1016297
secunia
  • 20602
  • 20660
  • 20674
  • 20702
  • 20785
  • 20869
  • 20890
  • 21662
slackware SSA:2006-178-01
suse SUSE-SA:2006:039
ubuntu USN-301-1
vupen ADV-2006-2355
xf kde-kdm-symlink(27181)
Last major update 07-03-2011 - 21:36
Published 15-06-2006 - 06:02
Last modified 18-10-2018 - 12:40
Back to Top