author | Alberto Villa <avilla@FreeBSD.org> | 2010-04-14 19:04:39 +0000 |
---|---|---|
committer | Alberto Villa <avilla@FreeBSD.org> | 2010-04-14 19:04:39 +0000 |
commit | 0e435ac5f82384a49ed60ed52d07541de339903b (patch) | |
tree | 6adff90df5132469b35bbf8d995f4e54b42e5470 /security | |
parent | d2386c5aaabfd4702dfddfa81e768888c713b3b0 (diff) | |
- Document KDM local privilege escalation vulnerability.
Approved by: tabthorpe (mentor), delphij (secteam)
Notes:
svn path=/head/; revision=252685
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6103b09a946a..d2cc2dbef7a0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3987c5d1-47a9-11df-a0d5-0016d32f24fb"> + <topic>KDM local privilege escalation vulnerability</topic> + <affects> + <package> + <name>kdebase</name> + <range><ge>0</ge></range> + </package> + <package> + <name>kdebase-workspace</name> + <range><le>4.3.5_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>KDE Security Advisory reports:</p> + <blockquote cite="http://www.kde.org/info/security/advisory-20100413-1.txt"> + <p>KDM contains a race condition that allows local attackers + to make arbitrary files on the system world-writeable. + This can happen while KDM tries to create its control + socket during user login. A local attacker with a valid + local account can under certain circumstances make use of + this vulnerability to execute arbitrary code as root.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2010-0436</cvename> + <url>http://www.kde.org/info/security/advisory-20100413-1.txt</url> + </references> + <dates> + <discovery>2010-04-13</discovery> + <entry>2010-04-14</entry> + </dates> + </vuln> + <vuln vid="805603a1-3e7a-11df-a5a1-0050568452ac"> <topic>dojo -- cross-site scripting and other vulnerabilities</topic> <affects> |
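Review bot: in the new vuln entry, the kdebase package is given `<range><ge>0</ge></range>`, which matches every kdebase version with no upper bound, so an installed kdebase will keep matching this entry regardless of later updates. If that is intended because no fixed kdebase exists, a sentence in the description saying so would help; otherwise add an upper bound once the first fixed version is known. The kdebase-workspace range uses `<le>4.3.5_1</le>`, which names the last vulnerable revision; an `<lt>` on the first fixed version is easier to check against the port's history. The topic also drops the "name -- description" form used by the adjacent dojo entry; something like "kdm -- local privilege escalation vulnerability" would keep the file consistent.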