Login Vulnerability in KDE 3.3.0 through 3.5.7

Sep 20, 2007

The KDE Display Manager (KDM) can be exploited to allow users to log in without a password. This would give users the ability to log in as other users or even root.

The threat affects password-protected accounts in specific conditions; for example if auto-login is configured and the function "shutdown with password" is enabled. The vulnerability which as been assigned the CVE ID 2007-4569 was disclosed on the KDE Announce mailing list.

It affects KDE versions 3.3.0 through 3.5.7. Older or newer versions are not affected. Source code patches are available for KDE 3.5.0 through KDE 3.5.7 and for KDE 3.3.0 through KDE 3.4.2 on the KDE project's FTP server.

Related content

comments powered by Disqus

Issue 19: Linux Shell Handbook 5th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News