Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0348

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67223

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0348

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0348.

The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted for
this update to take effect. After the reboot, administrators should
manually remove all leftover user-owned dmctl-* directories in
/var/run/xdmctl/.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0348.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0436
39419
http://secunia.com/advisories/39419
39467
http://www.securityfocus.com/bid/39467
39481
http://secunia.com/advisories/39481
39506
http://secunia.com/advisories/39506
ADV-2010-0879
http://www.vupen.com/english/advisories/2010/0879
DSA-2037
http://www.debian.org/security/2010/dsa-2037
FEDORA-2010-6605
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
RHSA-2010:0348
http://rhn.redhat.com/errata/RHSA-2010-0348.html
SUSE-SR:2010:009
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
http://www.kde.org/info/security/advisory-20100413-1.txt
https://bugzilla.redhat.com/show_bug.cgi?id=570613
kde-kdm-privilege-escalation(57823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57823
oval:org.mitre.oval:def:9999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67223
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0348
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0348. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world writable, allowing privilege escalation. (CVE-2010-0436) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in /var/run/xdmctl/. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0348.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0436 39419 http://secunia.com/advisories/39419 39467 http://www.securityfocus.com/bid/39467 39481 http://secunia.com/advisories/39481 39506 http://secunia.com/advisories/39506 ADV-2010-0879 http://www.vupen.com/english/advisories/2010/0879 DSA-2037 http://www.debian.org/security/2010/dsa-2037 FEDORA-2010-6605 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html RHSA-2010:0348 http://rhn.redhat.com/errata/RHSA-2010-0348.html SUSE-SR:2010:009 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff http://www.kde.org/info/security/advisory-20100413-1.txt https://bugzilla.redhat.com/show_bug.cgi?id=570613 kde-kdm-privilege-escalation(57823) https://exchange.xforce.ibmcloud.com/vulnerabilities/57823 oval:org.mitre.oval:def:9999 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com