FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

KDM -- local privilege escalation vulnerability

Affected packages
kdebase <= 3.5.10_6
kdebase-workspace <= 4.3.5_1

Details

VuXML ID: 3987c5d1-47a9-11df-a0d5-0016d32f24fb
Discovery: 2010-04-13
Entry: 2010-04-14
Modified: 2010-04-14

KDE Security Advisory reports:

KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstances make use of this vulnerability to execute arbitrary code as root.

References

CVE Name: CVE-2010-0436
URL: http://www.kde.org/info/security/advisory-20100413-1.txt