Upstream information
Description
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and log in to arbitrary accounts via unspecified vectors.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 6.8 |
Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SR:2007:021, published Fri, 19 Oct 2007 17:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4, SUSE Linux Enterprise Server for SAP Applications 11 SP4, SUSE Linux Enterprise Software Development Kit 11 SP4 | | Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA fileshareset-2.0-20.31 |
SUSE Linux Enterprise Server 11 SP1 | | Patchnames: SUSE Linux Enterprise Server 11 SP1 GA kdebase3-runtime-3.5.10-20.31 |
SUSE Linux Enterprise Server 11 SP2 | | Patchnames: SUSE Linux Enterprise Server 11 SP2 GA kdebase3-runtime-3.5.10-20.31 |
SUSE Linux Enterprise Server 11 SP3 | | Patchnames: SUSE Linux Enterprise Server 11 SP3 GA kdebase3-runtime-3.5.10-20.31 |
SUSE Linux Enterprise Server 11 SP4 | | Patchnames: SUSE Linux Enterprise Server 11 SP4 GA kdebase3-runtime-3.5.10-20.31, SUSE Linux Enterprise Software Development Kit 11 SP4 GA fileshareset-2.0-20.31 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 15:58:26 2013
CVE page last modified: Sat Jun 15 20:50:17 2024