Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56972

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mdkkdm
announced via advisory MDKSA-2006:106.

A problem with how kdm manages the ~
/.dmrc file was discovered by
Ludwig Nussel. By using a symlink attack, a local user could get kdm
to read arbitrary files on the system, including privileged system
files and those belonging to other users.

Mandriva's mdkkdm also suffers from this same problem and has been
patched to correct it. Only Corporate 3 is affected
in Mandriva Linux
2006, mdkkdm is in contribs.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:106

Risk factor : Medium

CVSS Score:
4.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2449
1016297
http://securitytracker.com/id?1016297
18431
http://www.securityfocus.com/bid/18431
20060614 [KDE Security Advisory] KDM symlink attack vulnerability
http://www.securityfocus.com/archive/1/437133/100/0/threaded
20060615 rPSA-2006-0106-1 kdebase
http://www.securityfocus.com/archive/1/437322/100/0/threaded
20602
http://secunia.com/advisories/20602
20660
http://secunia.com/advisories/20660
20674
http://secunia.com/advisories/20674
20702
http://secunia.com/advisories/20702
20785
http://secunia.com/advisories/20785
20869
http://secunia.com/advisories/20869
20890
http://secunia.com/advisories/20890
21662
http://secunia.com/advisories/21662
26511
http://www.osvdb.org/26511
ADV-2006-2355
http://www.vupen.com/english/advisories/2006/2355
DSA-1156
http://www.debian.org/security/2006/dsa-1156
GLSA-200606-23
http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml
MDKSA-2006:105
http://www.mandriva.com/security/advisories?name=MDKSA-2006:105
MDKSA-2006:106
http://www.mandriva.com/security/advisories?name=MDKSA-2006:106
RHSA-2006:0548
http://www.redhat.com/support/errata/RHSA-2006-0548.html
SSA:2006-178-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467
SUSE-SA:2006:039
http://www.novell.com/linux/security/advisories/2006_39_kdm.html
USN-301-1
https://usn.ubuntu.com/301-1/
http://www.kde.org/info/security/advisory-20060614-1.txt
kde-kdm-symlink(27181)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27181
oval:org.mitre.oval:def:9844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56972
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mdkkdm announced via advisory MDKSA-2006:106. A problem with how kdm manages the ~ /.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it. Only Corporate 3 is affected in Mandriva Linux 2006, mdkkdm is in contribs. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:106 Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2449 1016297 http://securitytracker.com/id?1016297 18431 http://www.securityfocus.com/bid/18431 20060614 [KDE Security Advisory] KDM symlink attack vulnerability http://www.securityfocus.com/archive/1/437133/100/0/threaded 20060615 rPSA-2006-0106-1 kdebase http://www.securityfocus.com/archive/1/437322/100/0/threaded 20602 http://secunia.com/advisories/20602 20660 http://secunia.com/advisories/20660 20674 http://secunia.com/advisories/20674 20702 http://secunia.com/advisories/20702 20785 http://secunia.com/advisories/20785 20869 http://secunia.com/advisories/20869 20890 http://secunia.com/advisories/20890 21662 http://secunia.com/advisories/21662 26511 http://www.osvdb.org/26511 ADV-2006-2355 http://www.vupen.com/english/advisories/2006/2355 DSA-1156 http://www.debian.org/security/2006/dsa-1156 GLSA-200606-23 http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml MDKSA-2006:105 http://www.mandriva.com/security/advisories?name=MDKSA-2006:105 MDKSA-2006:106 http://www.mandriva.com/security/advisories?name=MDKSA-2006:106 RHSA-2006:0548 http://www.redhat.com/support/errata/RHSA-2006-0548.html SSA:2006-178-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467 SUSE-SA:2006:039 http://www.novell.com/linux/security/advisories/2006_39_kdm.html USN-301-1 https://usn.ubuntu.com/301-1/ http://www.kde.org/info/security/advisory-20060614-1.txt kde-kdm-symlink(27181) https://exchange.xforce.ibmcloud.com/vulnerabilities/27181 oval:org.mitre.oval:def:9844 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com