ID CVE-2010-0436
Summary Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
References
Vulnerable Configurations
  • KDE Software Compilation (SC) 4.4.0
    cpe:2.3:a:kde:kde_sc:4.4.0
  • KDE Software Compilation (SC) 4.4.2
    cpe:2.3:a:kde:kde_sc:4.4.2
  • KDE Software Compilation (SC) 4.4.1
    cpe:2.3:a:kde:kde_sc:4.4.1
  • KDE Software Compilation (SC) 4.3.5
    cpe:2.3:a:kde:kde_sc:4.3.5
  • KDE Software Compilation (SC) 4.3.4
    cpe:2.3:a:kde:kde_sc:4.3.4
  • KDE Software Compilation (SC) 4.3.1
    cpe:2.3:a:kde:kde_sc:4.3.1
  • KDE Software Compilation (SC) 4.3.0
    cpe:2.3:a:kde:kde_sc:4.3.0
  • KDE Software Compilation (SC) 4.2.2
    cpe:2.3:a:kde:kde_sc:4.2.2
  • KDE Software Compilation (SC) 4.1.2
    cpe:2.3:a:kde:kde_sc:4.1.2
  • KDE Software Compilation (SC) 3.5.10
    cpe:2.3:a:kde:kde_sc:3.5.10
  • KDE Software Compilation (SC) 2.2.0
    cpe:2.3:a:kde:kde_sc:2.2.0
CVSS
Base: 6.9 (as of 16-04-2010 - 11:21)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-8547.NASL
    description This update set updates the KDE Software Compilation (KDE SC) to KDE SC 4.4.3, which has a number of improvements: * Numerous fixes in Konsole, KDE's terminal emulator, among them two possible crashers in session management * Flash plugin support in KHTML has been enhanced to work with newest Youtube skins * Case-sensitivity in renaming fixes in KIO, KDE's network-transparent I/O library - Hiding the mouse cursor in some special cases in presentation mode and two possible crashers have been fixed and more bugfixes and translation updates. See http://kde.org/announcements/announce-4.4.3.php for more information. In addition, the security issues CVE-2010-1000 and CVE-2010-1511 (improper sanitization of metalink attribute for downloading files) in KGet have been fixed, and Kppp now prompts for the root password instead of failing with a cryptic error when run as a regular user. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47499
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47499
    title Fedora 11 : kde-l10n-4.4.3-1.fc11 / kdeaccessibility-4.4.3-1.fc11.1 / kdeadmin-4.4.3-1.fc11.1 / etc (2010-8547)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-8544.NASL
    description This update set updates the KDE Software Compilation (KDE SC) to KDE SC 4.4.3, which has a number of improvements: * Numerous fixes in Konsole, KDE's terminal emulator, among them two possible crashers in session management * Flash plugin support in KHTML has been enhanced to work with newest Youtube skins * Case-sensitivity in renaming fixes in KIO, KDE's network-transparent I/O library - Hiding the mouse cursor in some special cases in presentation mode and two possible crashers have been fixed and more bugfixes and translation updates. See http://kde.org/announcements/announce-4.4.3.php for more information. In addition, the security issues CVE-2010-1000 and CVE-2010-1511 (improper sanitization of metalink attribute for downloading files) in KGet have been fixed, and Kppp now prompts for the root password instead of failing with a cryptic error when run as a regular user. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47498
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47498
    title Fedora 12 : kde-l10n-4.4.3-1.fc12 / kdeaccessibility-4.4.3-1.fc12.1 / kdeadmin-4.4.3-1.fc12.1 / etc (2010-8544)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-932-1.NASL
    description Sebastian Krahmer discovered a race condition in the KDE Display Manager (KDM). A local attacker could exploit this to change the permissions on arbitrary files, thus allowing privilege escalation. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 45576
    published 2010-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45576
    title Ubuntu 8.10 / 9.04 / 9.10 : kdebase-workspace vulnerability (USN-932-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0348.NASL
    description Updated kdebase packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world-writable, allowing privilege escalation. (CVE-2010-0436) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in '/var/run/xdmctl/'.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46298
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46298
    title RHEL 4 / 5 : kdebase (RHSA-2010:0348)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KDE4-KDM-100315.NASL
    description The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45533
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45533
    title openSUSE Security Update : kde4-kdm (kde4-kdm-2134)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-6096.NASL
    description This update set updates the KDE Software Compilation (KDE SC) to KDE SC 4.4.2, which has a number of improvements: * Possible crashes in Plasma, Dolphin and Okular have been fixed * The Microblog applet now shows the correct time in the timeline * The audioplayer KRunner plugin has been fixed to not freeze the KRunner UI anymore and more bugfixes and translation updates. See http://kde.org/announcements/announce-4.4.2.php for more information. * a couple of small powerdevil patches (see kde bugs 221637, 221637), * upstream kdm security fix for CVE-2010-0436 Also included are the bugfix releases SIP 4.10.1: http://www.riverbankcomputing.co.uk/static/Downloads/sip4/ChangeLog and PyQt4 4.7.2: http://www.riverbankcomputing.co.uk/static/Downloads/PyQt4/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47415
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47415
    title Fedora 12 : PyQt4-4.7.2-2.fc12 / kdeaccessibility-4.4.2-1.fc12 / kdeadmin-4.4.2-1.fc12 / etc (2010-6096)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KDE4-KDM-100315.NASL
    description The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45536
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45536
    title openSUSE Security Update : kde4-kdm (kde4-kdm-2134)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILESHARESET-6942.NASL
    description The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 45539
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45539
    title SuSE 10 Security Update : kdm (ZYPP Patch Number 6942)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-6077.NASL
    description This update set updates the KDE Software Compilation (KDE SC) to KDE SC 4.4.2, which has a number of improvements: * Possible crashes in Plasma, Dolphin and Okular have been fixed * The Microblog applet now shows the correct time in the timeline * The audioplayer KRunner plugin has been fixed to not freeze the KRunner UI anymore and more bugfixes and translation updates. See http://kde.org/announcements/announce-4.4.2.php for more information. * a couple of small powerdevil patches (see kde bugs 221637, 221637), * upstream kdm security fix for CVE-2010-0436 Also included are the bugfix releases SIP 4.10.1: http://www.riverbankcomputing.co.uk/static/Downloads/sip4/ChangeLog and PyQt4 4.7.2: http://www.riverbankcomputing.co.uk/static/Downloads/PyQt4/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47414
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47414
    title Fedora 11 : PyQt4-4.7.2-2.fc11 / kdeaccessibility-4.4.2-1.fc11 / kdeadmin-4.4.2-1.fc11 / etc (2010-6077)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KDE4-KDM-100315.NASL
    description The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50921
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50921
    title SuSE 11 Security Update : kdm (SAT Patch Number 2136)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FILESHARESET-100324.NASL
    description The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45534
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45534
    title openSUSE Security Update : fileshareset (fileshareset-2204)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2037.NASL
    description Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges to root.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45559
    published 2010-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45559
    title Debian DSA-2037-1 : kdm (kdebase) - race condition
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FILESHARESET-100324.NASL
    description The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45531
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45531
    title openSUSE Security Update : fileshareset (fileshareset-2204)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-074.NASL
    description A vulnerability has been found and corrected in kdm (kdebase/kdebase4-workspace) : KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team (CVE-2010-0436). It is adviced to reboot the computer after applying the updated packages in order to the security fix to take full effect. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 45548
    published 2010-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45548
    title Mandriva Linux Security Advisory : kdebase (MDVSA-2010:074)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0348.NASL
    description Updated kdebase packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world-writable, allowing privilege escalation. (CVE-2010-0436) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in '/var/run/xdmctl/'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45582
    published 2010-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45582
    title CentOS 4 / 5 : kdebase (CESA-2010:0348)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0348.NASL
    description From Red Hat Security Advisory 2010:0348 : Updated kdebase packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world-writable, allowing privilege escalation. (CVE-2010-0436) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in '/var/run/xdmctl/'.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68031
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68031
    title Oracle Linux 4 / 5 : kdebase (ELSA-2010-0348)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3987C5D147A911DFA0D50016D32F24FB.NASL
    description KDE Security Advisory reports : KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstances make use of this vulnerability to execute arbitrary code as root.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 45529
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45529
    title FreeBSD : KDM -- local privilege escalation vulnerability (3987c5d1-47a9-11df-a0d5-0016d32f24fb)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-6605.NASL
    description This build includes * a couple of small powerdevil patches (see kde bugs 221637, 221637), * fix icon name in plasma-konsole patch: use XDG icon instead of kappfinder one, * initial attempts at kdm/plymouth integration, * upstream kdm security fix for CVE-2010-0436 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47440
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47440
    title Fedora 13 : kdebase-workspace-4.4.2-5.fc13 (2010-6605)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-110-02.NASL
    description New kdebase-workspace packages are available for Slackware 13.0 and -current to fix a security issue with KDM.
    last seen 2018-09-01
    modified 2014-12-22
    plugin id 54878
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54878
    title Slackware 13.0 / current : kdebase-workspace (SSA:2010-110-02)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100414_KDEBASE_ON_SL4_X.NASL
    description A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world-writable, allowing privilege escalation. (CVE-2010-0436) The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in '/var/run/xdmctl/'.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60781
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60781
    title Scientific Linux Security Update : kdebase on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILESHARESET-6941.NASL
    description The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49851
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49851
    title SuSE 10 Security Update : kdm (ZYPP Patch Number 6941)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_KDE4-KDM-100315.NASL
    description The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45538
    published 2010-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45538
    title openSUSE Security Update : kde4-kdm (openSUSE-SU-2010:0112-1)
oval via4
accepted 2013-04-29T04:24:01.633-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
family unix
id oval:org.mitre.oval:def:9999
status accepted
submitted 2010-07-09T03:56:16-04:00
title Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
version 24
redhat via4
advisories
bugzilla
id 570613
title CVE-2010-0436 kdm privilege escalation flaw
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment kdebase is earlier than 6:3.3.1-13.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100348002
        • comment kdebase is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070494003
      • AND
        • comment kdebase-devel is earlier than 6:3.3.1-13.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100348004
        • comment kdebase-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070494005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kdebase is earlier than 6:3.5.4-21.el5_5.1
          oval oval:com.redhat.rhsa:tst:20100348007
        • comment kdebase is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070494011
      • AND
        • comment kdebase-devel is earlier than 6:3.5.4-21.el5_5.1
          oval oval:com.redhat.rhsa:tst:20100348009
        • comment kdebase-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070494013
rhsa
id RHSA-2010:0348
released 2010-04-14
severity Important
title RHSA-2010:0348: kdebase security update (Important)
rpms
  • kdebase-6:3.3.1-13.el4_8.1
  • kdebase-devel-6:3.3.1-13.el4_8.1
  • kdebase-6:3.5.4-21.el5_5.1
  • kdebase-devel-6:3.5.4-21.el5_5.1
refmap via4
bid 39467
confirm
debian DSA-2037
fedora FEDORA-2010-6605
secunia
  • 39419
  • 39481
  • 39506
suse SUSE-SR:2010:009
vupen ADV-2010-0879
xf kde-kdm-privilege-escalation(57823)
Last major update 21-08-2010 - 01:39
Published 15-04-2010 - 13:30
Last modified 18-09-2017 - 21:30
Back to Top