SUSE-SA:2006:039: kdebase3-kdm

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:039 (kdebase3-kdm).

The KDE Display Manager KDM stores the type of the previously used
session in the user's home directory.

By using a symlink a local attacker could trick kdm into also storing
content of files that are normally not accessible by users, like for
instance /etc/shadow.

This problem is tracked by Mitre CVE ID CVE-2006-2449 and was
found by Ludwig Nussel of the SUSE Security Team.

Solution :

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 24419 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now