Vulnerability Description
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVSS Score
4.0
MEDIUM
AV:L/AC:H/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Kde | 3.2 |
References
- http://secunia.com/advisories/20602Vendor Advisory
- http://secunia.com/advisories/20660Vendor Advisory
- http://secunia.com/advisories/20674Vendor Advisory
- http://secunia.com/advisories/20702Vendor Advisory
- http://secunia.com/advisories/20785Vendor Advisory
- http://secunia.com/advisories/20869Vendor Advisory
- http://secunia.com/advisories/20890Vendor Advisory
- http://secunia.com/advisories/21662Vendor Advisory
- http://securitytracker.com/id?1016297
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware
- http://www.debian.org/security/2006/dsa-1156Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml
- http://www.kde.org/info/security/advisory-20060614-1.txtVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:105
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:106
FAQ
What is CVE-2006-2449?
CVE-2006-2449 is a vulnerability with a CVSS score of 4.0 (MEDIUM). KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
How severe is CVE-2006-2449?
CVE-2006-2449 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2449?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde.