aru Posted June 16, 2006 Report Share Posted June 16, 2006 Mandriva Advisories MDKSA-2006:106 : mdkkdm Updated mdkkdm packages fix local vulnerability June 15th, 2006 A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel.By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it.Only Corporate 3 is affected; in Mandriva Linux 2006, mdkkdm is in contribs. The released versions of Mandriva GNU/Linux affected are: CS3.0Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:106 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts