High Nessus Plugin ID 24419
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:039 (kdebase3-kdm).
The KDE Display Manager KDM stores the type of the previously used session in the user's home directory.
By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.
This problem is tracked by Mitre CVE ID CVE-2006-2449 and was found by Ludwig Nussel of the SUSE Security Team.