FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0436

This CVE name corresponds to:

Entered     Topic
2010-04-14  KDM -- local privilege escalation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2010-0436
Phase  Assigned (20100127)

Description

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

References

Source   Reference
CONFIRM  ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
CONFIRM  http://www.kde.org/info/security/advisory-20100413-1.txt
CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=570613
DEBIAN   DSA-2037
FEDORA   FEDORA-2010-6605
REDHAT   RHSA-2010:0348
SUSE     SUSE-SR:2010:009
BID      39467
OVAL     oval:org.mitre.oval:def:9999
SECUNIA  39419
SECUNIA  39481
SECUNIA  39506
VUPEN    ADV-2010-0879
XF       kde-kdm-privilege-escalation(57823)