Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0348

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67223

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0348

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0348.

The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted for
this update to take effect. After the reboot, administrators should
manually remove all leftover user-owned dmctl-* directories in
/var/run/xdmctl/.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0348.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0436
BugTraq ID: 39467
http://www.securityfocus.com/bid/39467
Debian Security Information: DSA-2037 (Google Search)
http://www.debian.org/security/2010/dsa-2037
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999
RedHat Security Advisories: RHSA-2010:0348
http://rhn.redhat.com/errata/RHSA-2010-0348.html
http://secunia.com/advisories/39419
http://secunia.com/advisories/39481
http://secunia.com/advisories/39506
SuSE Security Announcement: SUSE-SR:2010:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://www.vupen.com/english/advisories/2010/0879
XForce ISS Database: kde-kdm-privilege-escalation(57823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57823

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67223
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0348
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0348. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world writable, allowing privilege escalation. (CVE-2010-0436) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. The system should be rebooted for this update to take effect. After the reboot, administrators should manually remove all leftover user-owned dmctl-* directories in /var/run/xdmctl/. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0348.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0436 BugTraq ID: 39467 http://www.securityfocus.com/bid/39467 Debian Security Information: DSA-2037 (Google Search) http://www.debian.org/security/2010/dsa-2037 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999 RedHat Security Advisories: RHSA-2010:0348 http://rhn.redhat.com/errata/RHSA-2010-0348.html http://secunia.com/advisories/39419 http://secunia.com/advisories/39481 http://secunia.com/advisories/39506 SuSE Security Announcement: SUSE-SR:2010:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://www.vupen.com/english/advisories/2010/0879 XForce ISS Database: kde-kdm-privilege-escalation(57823) https://exchange.xforce.ibmcloud.com/vulnerabilities/57823
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com