FreeBSD : KDM -- local privilege escalation vulnerability (3987c5d1-47a9-11df-a0d5-0016d32f24fb)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

KDE Security Advisory reports :

KDM contains a race condition that allows local attackers to make
arbitrary files on the system world-writeable. This can happen while
KDM tries to create its control socket during user login. A local
attacker with a valid local account can under certain circumstances
make use of this vulnerability to execute arbitrary code as root.

See also :

http://www.kde.org/info/security/advisory-20100413-1.txt
http://www.nessus.org/u?5ab92215

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 45529 (freebsd_pkg_3987c5d147a911dfa0d50016d32f24fb.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0436
