Vulnerability Description
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| KDE | KDE SC | 2.2.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436 (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2010-0348.html
- http://secunia.com/advisories/39419 (Vendor Advisory)
- http://secunia.com/advisories/39481
- http://secunia.com/advisories/39506
- http://www.debian.org/security/2010/dsa-2037
- http://www.kde.org/info/security/advisory-20100413-1.txt (Vendor Advisory)
- http://www.securityfocus.com/bid/39467
- http://www.vupen.com/english/advisories/2010/0879 (Patch, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=570613
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-0436?
CVE-2010-0436 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by block...
How severe is CVE-2010-0436?
CVE-2010-0436 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-0436?
Check the references section above for vendor advisories and patch information. Affected products include: KDE KDE SC.