Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56972

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mdkkdm
announced via advisory MDKSA-2006:106.

A problem with how kdm manages the ~
/.dmrc file was discovered by
Ludwig Nussel. By using a symlink attack, a local user could get kdm
to read arbitrary files on the system, including privileged system
files and those belonging to other users.

Mandriva's mdkkdm also suffers from this same problem and has been
patched to correct it. Only Corporate 3 is affected
in Mandriva Linux
2006, mdkkdm is in contribs.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:106

Risk factor : Medium

CVSS Score:
4.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2449
BugTraq ID: 18431
http://www.securityfocus.com/bid/18431
Bugtraq: 20060614 [KDE Security Advisory] KDM symlink attack vulnerability (Google Search)
http://www.securityfocus.com/archive/1/437133/100/0/threaded
Bugtraq: 20060615 rPSA-2006-0106-1 kdebase (Google Search)
http://www.securityfocus.com/archive/1/437322/100/0/threaded
Debian Security Information: DSA-1156 (Google Search)
http://www.debian.org/security/2006/dsa-1156
http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:105
http://www.mandriva.com/security/advisories?name=MDKSA-2006:106
http://www.osvdb.org/26511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844
http://www.redhat.com/support/errata/RHSA-2006-0548.html
http://securitytracker.com/id?1016297
http://secunia.com/advisories/20602
http://secunia.com/advisories/20660
http://secunia.com/advisories/20674
http://secunia.com/advisories/20702
http://secunia.com/advisories/20785
http://secunia.com/advisories/20869
http://secunia.com/advisories/20890
http://secunia.com/advisories/21662
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467
SuSE Security Announcement: SUSE-SA:2006:039 (Google Search)
http://www.novell.com/linux/security/advisories/2006_39_kdm.html
https://usn.ubuntu.com/301-1/
http://www.vupen.com/english/advisories/2006/2355
XForce ISS Database: kde-kdm-symlink(27181)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27181

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56972
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:106 (mdkkdm)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mdkkdm announced via advisory MDKSA-2006:106. A problem with how kdm manages the ~ /.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. Mandriva's mdkkdm also suffers from this same problem and has been patched to correct it. Only Corporate 3 is affected in Mandriva Linux 2006, mdkkdm is in contribs. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:106 Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2449 BugTraq ID: 18431 http://www.securityfocus.com/bid/18431 Bugtraq: 20060614 [KDE Security Advisory] KDM symlink attack vulnerability (Google Search) http://www.securityfocus.com/archive/1/437133/100/0/threaded Bugtraq: 20060615 rPSA-2006-0106-1 kdebase (Google Search) http://www.securityfocus.com/archive/1/437322/100/0/threaded Debian Security Information: DSA-1156 (Google Search) http://www.debian.org/security/2006/dsa-1156 http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:105 http://www.mandriva.com/security/advisories?name=MDKSA-2006:106 http://www.osvdb.org/26511 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844 http://www.redhat.com/support/errata/RHSA-2006-0548.html http://securitytracker.com/id?1016297 http://secunia.com/advisories/20602 http://secunia.com/advisories/20660 http://secunia.com/advisories/20674 http://secunia.com/advisories/20702 http://secunia.com/advisories/20785 http://secunia.com/advisories/20869 http://secunia.com/advisories/20890 http://secunia.com/advisories/21662 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467 SuSE Security Announcement: SUSE-SA:2006:039 (Google Search) http://www.novell.com/linux/security/advisories/2006_39_kdm.html https://usn.ubuntu.com/301-1/ http://www.vupen.com/english/advisories/2006/2355 XForce ISS Database: kde-kdm-symlink(27181) https://exchange.xforce.ibmcloud.com/vulnerabilities/27181
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com