PublicDate: 2007-09-21
Candidate: CVE-2007-4569
References:
http://www.ubuntu.com/usn/usn-517-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
Description:
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is
configured and "shutdown with password" is enabled, allows remote attackers
to bypass the password requirement and login to arbitrary accounts via
unspecified vectors.
Ubuntu-Description:
It was discovered that KDM would allow logins without password checks under
certain circumstances. If autologin was configured, and "shutdown with
password" enabled, a local user could exploit the problem and gain root
privileges.
Notes:
Bugs:
Priority: medium
Assigned-to: riddell
dapper_kdebase: released (4:3.5.2-0ubuntu27.2)
edgy_kdebase: released (4:3.5.5-0ubuntu3.6)
feisty_kdebase: released (4:3.5.6-0ubuntu20.4)
devel_kdebase: released (4:3.5.7-1ubuntu24)
upstream_kdebase: