CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.0004 Low
Percentile: 9.3%

CentOS Errata and Security Advisory CESA-2010:0348

The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted for
this update to take effect. After the reboot, administrators should
manually remove all leftover user-owned dmctl-* directories in
“/var/run/xdmctl/”.

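The manual cleanup step above, as an added shell example (not part of the advisory or of the CentOS or Red Hat packages): it lists dmctl-* directories directly under “/var/run/xdmctl/” that are not owned by the trusted uid and removes them only when DRY_RUN=0. The function names, the DRY_RUN switch and treating uid 0 as the only legitimate owner are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumptions: uid 0 is the only
# legitimate owner, and directory names contain no newlines.

# Print each dmctl-* directory directly under $1 whose owner is not uid $2.
# find does not follow symlinks by default, so a symlink named dmctl-* is
# neither listed nor traversed.
list_leftover_dmctl() {
    dir=$1
    trusted_uid=${2:-0}
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -user "$trusted_uid" -print
}

# Report (DRY_RUN=1, the default) or remove (DRY_RUN=0) those directories.
# Log lines go to stderr; the number of directories handled goes to stdout.
clean_leftover_dmctl() {
    dir=$1
    trusted_uid=${2:-0}
    list_leftover_dmctl "$dir" "$trusted_uid" | {
        count=0
        while IFS= read -r d; do
            owner=$(ls -dn -- "$d" | awk '{print $3}')
            if [ "${DRY_RUN:-1}" = 0 ]; then
                rm -rf -- "$d" && echo "removed: $d (uid $owner)" >&2
            else
                echo "would remove: $d (uid $owner)" >&2
            fi
            count=$((count + 1))
        done
        echo "$count"
    }
}

# Run as root after the post-update reboot, e.g.:
#   clean_leftover_dmctl /var/run/xdmctl 0            # review the list
#   DRY_RUN=0 clean_leftover_dmctl /var/run/xdmctl 0  # then remove
```
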
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-April/078787.html
https://lists.centos.org/pipermail/centos-announce/2010-April/078788.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078871.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078872.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078875.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078876.html
Affected packages:
kdebase
kdebase-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0348
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | kdebase | < 3.3.1-13.el4_8.1 | kdebase-3.3.1-13.el4_8.1.i386.rpm |
CentOS | 4 | i386 | kdebase-devel | < 3.3.1-13.el4_8.1 | kdebase-devel-3.3.1-13.el4_8.1.i386.rpm |
CentOS | 4 | x86_64 | kdebase | < 3.3.1-13.el4_8.1 | kdebase-3.3.1-13.el4_8.1.x86_64.rpm |
CentOS | 4 | x86_64 | kdebase-devel | < 3.3.1-13.el4_8.1 | kdebase-devel-3.3.1-13.el4_8.1.x86_64.rpm |