Vulnerability Name: | CVE-2006-2449 (CCN-27181) |
Assigned: | 2006-06-14 |
Published: | 2006-06-14 |
Updated: | 2018-10-18 |
Summary: | KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. |
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) |
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:N) |
Vulnerability Type: | CWE-Other |
Vulnerability Consequences: | File Manipulation |
References: |
Source: CCN Type: BugTraq Mailing List, Wed Jun 14 2006 - 13:30:39 CDT [KDE Security Advisory] KDM symlink attack vulnerability
Source: CCN Type: BugTraq Mailing List, Thu Jun 15 2006 - 14:01:16 CDT rPSA-2006-0106-1 kdebase
Source: MITRE Type: CNA CVE-2006-2449
Source: CCN Type: RHSA-2006-0548 kdebase security update
Source: CCN Type: SA20602 KDE KDM Arbitrary File Reading Vulnerability
Source: SECUNIA Type: Vendor Advisory 20602
Source: SECUNIA Type: Vendor Advisory 20660
Source: SECUNIA Type: Vendor Advisory 20674
Source: SECUNIA Type: Vendor Advisory 20702
Source: SECUNIA Type: Vendor Advisory 20785
Source: SECUNIA Type: Vendor Advisory 20869
Source: SECUNIA Type: Vendor Advisory 20890
Source: SECUNIA Type: Vendor Advisory 21662
Source: CCN Type: SECTRACK ID: 1016297 KDE KDM Symlink Bug Lets Local Users View Files
Source: SECTRACK Type: UNKNOWN 1016297
Source: SLACKWARE Type: UNKNOWN SSA:2006-178-01
Source: CCN Type: ASA-2006-127 kdebase security update (RHSA-2006-0548)
Source: DEBIAN Type: Vendor Advisory DSA-1156
Source: DEBIAN Type: DSA-1156 kdebase -- programming error
Source: CCN Type: GLSA-200606-23 KDM: Symlink vulnerability
Source: GENTOO Type: UNKNOWN GLSA-200606-23
Source: CCN Type: KDE Security Advisory 2006-06-14 KDM symlink attack vulnerability
Source: CONFIRM Type: Vendor Advisory http://www.kde.org/info/security/advisory-20060614-1.txt
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:105
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:106
Source: SUSE Type: Vendor Advisory SUSE-SA:2006:039
Source: OSVDB Type: UNKNOWN 26511
Source: CCN Type: OSVDB ID: 26511 KDE KDM Login Sesson Type Symlink Arbitrary File Read
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2006:0548
Source: BUGTRAQ Type: UNKNOWN 20060614 [KDE Security Advisory] KDM symlink attack vulnerability
Source: BUGTRAQ Type: UNKNOWN 20060615 rPSA-2006-0106-1 kdebase
Source: BID Type: UNKNOWN 18431
Source: CCN Type: BID-18431 KDE KDM Session Type Symbolic Link Vulnerability
Source: CCN Type: USN-301-1 kdm vulnerability
Source: VUPEN Type: UNKNOWN ADV-2006-2355
Source: XF Type: UNKNOWN kde-kdm-symlink(27181)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9844
Source: UBUNTU Type: UNKNOWN USN-301-1
Source: SUSE Type: SUSE-SA:2006:039 KDM information disclosure
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Denotes that component is vulnerable |