Vulnerability CVE-2007-4569

Vulnerability Name:

CVE-2007-4569 (CCN-36711)

Assigned:

2007-09-19

Published:

2007-09-19

Updated:

2017-09-29

Summary:

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2007-4569

Source: CCN
Type: KDE Web site
K Desktop Environment -Conquer your Desktop!

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:021

Source: CCN
Type: RHSA-2007-0905
Moderate: kdebase security update

Source: CCN
Type: SA26894
KDE KDM Login Password Check Security Bypass

Source: SECUNIA
Type: UNKNOWN
26894

Source: SECUNIA
Type: UNKNOWN
26904

Source: SECUNIA
Type: UNKNOWN
26915

Source: SECUNIA
Type: UNKNOWN
26929

Source: SECUNIA
Type: UNKNOWN
26977

Source: SECUNIA
Type: UNKNOWN
27089

Source: SECUNIA
Type: UNKNOWN
27096

Source: SECUNIA
Type: UNKNOWN
27106

Source: SECUNIA
Type: UNKNOWN
27180

Source: SECUNIA
Type: UNKNOWN
27271

Source: GENTOO
Type: UNKNOWN
GLSA-200710-15

Source: CCN
Type: SECTRACK ID: 1018724
KDE Autologin Authentication Bug May Let Remote Users Login Without a Password

Source: SECTRACK
Type: UNKNOWN
1018724

Source: CCN
Type: ASA-2007-413
kdebase security update (RHSA-2007-0905)

Source: DEBIAN
Type: UNKNOWN
DSA-1376

Source: DEBIAN
Type: DSA-1376
kdebase -- programming error

Source: CCN
Type: GLSA-200710-15
KDM: Local privilege escalation

Source: CCN
Type: KDE Security Advisory 20070919-1
KDM passwordless login vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20070919-1.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:190

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0905

Source: BID
Type: Patch
25730

Source: CCN
Type: BID-25730
KDE KDM Unspecified Password Authentication Bypass Vulnerability

Source: CCN
Type: USN-517-1
kdm vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-517-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-3227

Source: XF
Type: UNKNOWN
kde-kdm-login-security-bypass(36711)

Source: XF
Type: UNKNOWN
kde-kdm-login-security-bypass(36711)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1725

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10359

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2361

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-716

Source: SUSE
Type: SUSE-SR:2007:021
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:kde:kde:3.3:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.0:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.4:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.4.0:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.4.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.4.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.4.3:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.0:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.3:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.4:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.5:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.6:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.7:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20074569	V	CVE-2007-4569	2022-05-20
oval:org.opensuse.security:def:42334	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:32290	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:31753	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:32234	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:31710	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:31704	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:26156	P	Security update for open-lldp (Moderate)	2021-10-26
oval:org.opensuse.security:def:26154	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:42131	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:31278	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:32170	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31256	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:26107	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:32148	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31648	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31204	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:36401	P	fileshareset-2.0-20.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42565	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31193	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:31636	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:31192	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:36158	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32109	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26051	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:26049	P	Security update for lz4 (Important)	2021-05-14
oval:org.opensuse.security:def:32078	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26026	P	Security update for cifs-utils (Moderate)	2021-04-13
oval:org.opensuse.security:def:32891	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:32060	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:26209	P	Security update for apache2 (Moderate)	2021-03-12
oval:org.opensuse.security:def:31348	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:33082	P	Security update for freeradius-server (Low)	2021-02-22
oval:org.opensuse.security:def:26195	P	Security update for php74 (Important)	2021-02-19
oval:org.opensuse.security:def:31624	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:26133	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:31625	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:26054	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:32012	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35570	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35724	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41977	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35927	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31559	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:31039	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25560	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31802	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:26439	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:31394	P	Security update for patch (Important)	2020-12-01
oval:org.opensuse.security:def:25911	P	Security update for gstreamer-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:31792	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26926	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25121	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:31124	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25701	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:27364	P	PolicyKit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31406	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:25800	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:25133	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25905	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25478	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26284	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:25853	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32689	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25950	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:25325	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:31492	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:25553	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:31761	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26629	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26689	P	ed on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25463	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31858	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:26253	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25762	P	Security update for Xerces-C (Moderate)	2020-12-01
oval:org.opensuse.security:def:26682	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31946	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:27156	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25275	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25903	P	Security update for util-linux (Important)	2020-12-01
oval:org.opensuse.security:def:32339	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32496	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26292	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25954	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25287	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:31502	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32400	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:25708	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31842	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:26527	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26007	P	Security update for libid3tag (Moderate)	2020-12-01
oval:org.opensuse.security:def:31038	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:25479	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26425	P	Security update for pdns (Low)	2020-12-01
oval:org.opensuse.security:def:26570	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25783	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31991	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26891	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31050	P	Security update for the Linux Kernel	2020-12-01
oval:org.opensuse.security:def:25617	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:26483	P	Security update for chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:31395	P	Security update for perl	2020-12-01
oval:org.opensuse.security:def:25992	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:25122	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25852	P	Security update for flash-playerqemu (Important)	2020-12-01
oval:org.opensuse.security:def:27399	P	fileshareset on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25477	P	Security update for spectre-meltdown-checker (Moderate)	2020-12-01
oval:org.opensuse.security:def:31480	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32650	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25197	P	Security update for gnuplot (Moderate)	2020-12-01
oval:org.opensuse.security:def:31405	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25489	P	Security update for pam_radius (Important)	2020-12-01
oval:org.opensuse.security:def:26337	P	Security update for freexl (Low)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25951	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:25406	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33121	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25681	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31848	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:26668	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26724	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25547	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:31907	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27121	P	fastjar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25819	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:26726	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26235	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25751	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31968	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:25276	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31410	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32378	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32535	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26376	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25993	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32852	P	ed on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25351	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26386	P	Security update for kdepim, messagelib (Moderate)	2020-12-01
oval:org.opensuse.security:def:26535	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25719	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:31934	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26580	P	libQtWebKit4-32bit on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:17472	P	USN-517-1 -- kdebase vulnerability	2014-06-30
oval:org.mitre.oval:def:18533	P	DSA-1376-1 kdebase - programming error	2014-06-23
oval:org.mitre.oval:def:22556	P	ELSA-2007:0905: kdebase security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10359	V	backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.	2013-04-29
oval:com.redhat.rhsa:def:20070905	P	RHSA-2007:0905: kdebase security update (Moderate)	2007-10-08
oval:org.debian:def:1376	V	programming error	2007-09-21

BACK