RHEL 4 / 5 : kdebase (RHSA-2010:0348)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kdebase packages that fix one security issue are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

The K Desktop Environment (KDE) is a graphical desktop environment for
the X Window System. The kdebase packages include core applications
for KDE.

A privilege escalation flaw was found in the KDE Display Manager
(KDM). A local user with console access could trigger a race
condition, possibly resulting in the permissions of an arbitrary file
being set to world-writable, allowing privilege escalation.
(CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security
Team for responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted
for this update to take effect. After the reboot, administrators
should manually remove all leftover user-owned dmctl-* directories in
'/var/run/xdmctl/'.
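The post-reboot cleanup step above is manual. The following POSIX shell helper, added here as an illustration and not part of the Red Hat advisory or the Tenable plugin, finds `dmctl-*` directories under `/var/run/xdmctl/` (the path named in the advisory) that are not owned by the expected uid (root, uid 0, by default) and either lists or removes them. The function names, the uid-based ownership test via `ls -ldn`, and the default directory argument are assumptions for this example; the advisory itself only says to remove the leftover user-owned directories.

```shell
#!/bin/sh
# Added example (not Red Hat's or Tenable's code): audit and clean up
# leftover user-owned dmctl-* directories after the kdebase/KDM update.
#
#   list_leftover_dmctl   [DIR] [TRUSTED_UID]   print offending directories
#   remove_leftover_dmctl [DIR] [TRUSTED_UID]   remove them
#
# DIR defaults to /var/run/xdmctl (from the advisory); TRUSTED_UID defaults
# to 0 (root). Anything matching dmctl-* that is a directory and is owned
# by a different uid is reported as a leftover.

list_leftover_dmctl() {
    dir=${1:-/var/run/xdmctl}
    trusted_uid=${2:-0}
    [ -d "$dir" ] || return 0            # nothing to do if the directory is absent
    for d in "$dir"/dmctl-*; do
        [ -d "$d" ] || continue          # skip the unexpanded glob and plain files
        # ls -ldn prints the numeric owner uid in the third column (POSIX ls -n)
        uid=$(ls -ldn "$d" | awk '{print $3}')
        [ "$uid" -eq "$trusted_uid" ] || printf '%s\n' "$d"
    done
}

remove_leftover_dmctl() {
    # Remove only what the audit function reported; -- guards odd names.
    list_leftover_dmctl "$1" "$2" | while IFS= read -r d; do
        rm -rf -- "$d"
    done
}

# Typical use on an updated host, run as root after the reboot:
#   list_leftover_dmctl            # review first
#   remove_leftover_dmctl          # then clean up
```

Running the list step first and reviewing its output before removing anything keeps the cleanup auditable; both functions accept an alternate directory so the check can be exercised against a scratch location before touching `/var/run/xdmctl/`.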

See also :

https://www.redhat.com/security/data/cve/CVE-2010-0436.html
http://rhn.redhat.com/errata/RHSA-2010-0348.html

Solution :

Update the affected kdebase and / or kdebase-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 46298

CVE ID: CVE-2010-0436