GLSA-200710-15 : KDM: Local privilege escalation
Medium Nessus Plugin ID 27050
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200710-15 (KDM: Local privilege escalation)
Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured for at least one user and a password is required to shut down the machine.
A local attacker could gain root privileges and execute arbitrary commands by logging in as root without specifying root's password.
There is no known workaround at this time.
Solution
All KDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kdm-3.5.7-r2'
All kdebase users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kdebase-3.5.7-r4'