French Security Incident Response Team

Fedora Security Update Fixes KDE Display Manager Authentication Bypass


Title : Fedora Security Update Fixes KDE Display Manager Authentication Bypass
Advisory ID : FrSIRT/ADV-2007-3371
CVE ID : CVE-2007-4569
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-05

Advisory Details

 
Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to bypass security restrictions and potentially obtain elevated privileges [...]

Solution

Upgrade the affected packages :

43a9262b4e157635e47cb96ae0c7e21a63dd2125 kdebase-extras-3.5.7-13.1.fc7.ppc64.rpm
49bceaaf2e10ea1cb68cef5939e4f6e1fd9577e5 kdebase-devel-3.5.7-13.1.fc7.ppc64.rpm
54d8e00e58c2143fca39e9887788632378bc49c0 kdebase-3.5.7-13.1.fc7.ppc64.rpm
f6fd06ddf505fef0db2cc516c5ff73d71ec3e56c kdebase-debuginfo-3.5.7-13.1.fc7.ppc64.rpm
92d5cd83bc93cc51b99ad489ad2c1dac1962575e kdebase-extras-3.5.7-13.1.fc7.i386.rpm
8c5d96de7ba3432e8a87d6e8f4038e173ed8ef1f kdebase-3.5.7-13.1.fc7.i386.rpm
36f8d70cf6858649a64bb94587f28efe89c3bbff kdebase-debuginfo-3.5.7-13.1.fc7.i386.rpm
6857ce26edac5f17d0bc1d4588e8e87060f595b6 kdebase-devel-3.5.7-13.1.fc7.i386.rpm
4021b3084a64a660f7c7ec270d02cb6678c65f18 kdebase-extras-3.5.7-13.1.fc7.x86_64.rpm
29fe34dbd26d792eb22407b29a52faf6d9459384 kdebase-3.5.7-13.1.fc7.x86_64.rpm
2c6c0df736797a5b379e92f651183de22a3bb50a kdebase-devel-3.5.7-13.1.fc7.x86_64.rpm
9880ddf44fae86c142cb946a3e8d42b0ba9a4892 kdebase-debuginfo-3.5.7-13.1.fc7.x86_64.rpm
7ddd41f30a76bd8a21728348427bb7e02cfec1f4 kdebase-debuginfo-3.5.7-13.1.fc7.ppc.rpm
a0d49145c25222d4b41a6bd84f5fd5d341c63626 kdebase-3.5.7-13.1.fc7.ppc.rpm
71548db1e05e9dcbc2805cbdd372bea20a3a34ee kdebase-extras-3.5.7-13.1.fc7.ppc.rpm
833d51ffbfbcc521fb5e050bba42a4efcf464b0b kdebase-devel-3.5.7-13.1.fc7.ppc.rpm
a2265698c6dce6a8640692e70074b11594532986 kdebase-3.5.7-13.1.fc7.src.rpm

ChangeLog

2007-10-05 : Initial release

Copyright 2003-2008 © FrSIRT.COM