Jump to content

Advisories (MDKSA-2006:106 ): mdkkdm


Recommended Posts

Mandriva Advisories MDKSA-2006:106 : mdkkdm


Updated mdkkdm packages fix local vulnerability

June 15th, 2006


A problem with how kdm manages the ~/.dmrc file was discovered by


Ludwig Nussel.By using a symlink attack, a local user could get kdm


to read arbitrary files on the system, including privileged system


files and those belonging to other users.




Mandriva's mdkkdm also suffers from this same problem and has been


patched to correct it.Only Corporate 3 is affected; in Mandriva Linux


2006, mdkkdm is in contribs.



The released versions of Mandriva GNU/Linux affected are:

  • CS3.0

Full information about this advisory, including the updated packages, is available at:



Other references:



Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)

Link to comment
Share on other sites


  • Create New...