CVE-2010-0436
Published: 15 April 2010
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Priority
Status
Package | Release | Status |
---|---|---|
kdebase Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
karmic |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
kdebase-workspace Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Released
(4:4.1.4-0ubuntu1~intrepid3.2)
|
|
jaunty |
Released
(4:4.2.2-0ubuntu2.1)
|
|
karmic |
Released
(4:4.3.2-0ubuntu7.2)
|
|
upstream |
Needs triage
|
|
Patches: other: ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff debdiff: https://bugs.launchpad.net/ubuntu/+source/kdebase-workspace/+bug/562440 |