KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00072.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Kde
  • Kde
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.4.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.5:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.5.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.5.3:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
kdebase-6:3.3.1-5.12 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0548 2006-06-14T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1156-1 New kdebase packages fix information disclosure
EUVD EUVD EUVD-2006-2450 KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
Ubuntu USN Ubuntu USN USN-301-1 kdm vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://secunia.com/advisories/20602 cve-icon cve-icon
http://secunia.com/advisories/20660 cve-icon cve-icon
http://secunia.com/advisories/20674 cve-icon cve-icon
http://secunia.com/advisories/20702 cve-icon cve-icon
http://secunia.com/advisories/20785 cve-icon cve-icon
http://secunia.com/advisories/20869 cve-icon cve-icon
http://secunia.com/advisories/20890 cve-icon cve-icon
http://secunia.com/advisories/21662 cve-icon cve-icon
http://securitytracker.com/id?1016297 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1156 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml cve-icon cve-icon
http://www.kde.org/info/security/advisory-20060614-1.txt cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:105 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:106 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_39_kdm.html cve-icon cve-icon
http://www.osvdb.org/26511 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0548.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/437133/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/437322/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/18431 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/2355 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/27181 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-2449 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844 cve-icon cve-icon
https://usn.ubuntu.com/301-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-2449 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T17:51:04.699Z

Reserved: 2006-05-18T00:00:00

Link: CVE-2006-2449

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2006-06-15T10:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-2449

cve-icon Redhat

Severity : Important

Publid Date: 2006-06-14T00:00:00Z

Links: CVE-2006-2449 - Bugzilla

cve-icon OpenCVE Enrichment

No data.