aru Posted June 16, 2006 Report Share Posted June 16, 2006 Mandriva Advisories MDKSA-2006:105 : kdebase Updated kdebase packages fix local vulnerability in kdm June 15th, 2006 A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel.By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. The updated packages have been patched to correct these issues. The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:105 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts