GLSA-200606-23 : KDM: Symlink vulnerability

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200606-23
(KDM: Symlink vulnerability)

Ludwig Nussel discovered that KDM could be tricked into allowing users
to read files that would otherwise not be readable.

Impact :

A local attacker could exploit this issue to obtain potentially
sensitive information that is usually not accessible to the local user
such as shadow files or other users' files. The default Gentoo user
running KDM is root and, as a result, the local attacker can read any

Workaround :

There is no known workaround at this time.

See also :

Solution :

All kdebase users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdebase
All KDE split ebuild users should upgrade to the latest KDM version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdm

Risk factor :

Medium / CVSS Base Score : 4.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 21743 (gentoo_GLSA-200606-23.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2449
