CVE-2007-4569
Summary
| CVE | CVE-2007-4569 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-09-21 19:17:00 UTC |
| Updated | 2017-09-29 01:29:00 UTC |
| Description | backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Kde | Kde | 3.3 | All | All | All |
| Operating System | Kde | Kde | 3.3.0 | All | All | All |
| Operating System | Kde | Kde | 3.3.1 | All | All | All |
| Operating System | Kde | Kde | 3.3.2 | All | All | All |
| Operating System | Kde | Kde | 3.4 | All | All | All |
| Operating System | Kde | Kde | 3.4.0 | All | All | All |
| Operating System | Kde | Kde | 3.4.1 | All | All | All |
| Operating System | Kde | Kde | 3.4.2 | All | All | All |
| Operating System | Kde | Kde | 3.4.3 | All | All | All |
| Operating System | Kde | Kde | 3.5 | All | All | All |
| Operating System | Kde | Kde | 3.5.0 | All | All | All |
| Operating System | Kde | Kde | 3.5.1 | All | All | All |
| Operating System | Kde | Kde | 3.5.2 | All | All | All |
| Operating System | Kde | Kde | 3.5.3 | All | All | All |
| Operating System | Kde | Kde | 3.5.4 | All | All | All |
| Operating System | Kde | Kde | 3.5.5 | All | All | All |
| Operating System | Kde | Kde | 3.5.6 | All | All | All |
| Operating System | Kde | Kde | 3.5.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Gentoo update for kdm - Advisories - Secunia | SECUNIA | secunia.com | |
| USN-517-1: kdm vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Fedora update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| [security-announce] SUSE Security Summary Report SUSE-SR:2007:021 | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-1376-1 kdebase | DEBIAN | www.debian.org | |
| Ubuntu update for kdm - Advisories - Secunia | SECUNIA | secunia.com | |
| www.kde.org/info/security/advisory-20070919-1.txt | CONFIRM | www.kde.org | Patch, Vendor Advisory |
| Support / Security / Advisories / / MDKSA-2007:190 \| Mandriva | MANDRIVA | www.mandriva.com | |
| Support | REDHAT | www.redhat.com | |
| rPath update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| Mandriva update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora Core 6 Update: kdebase-3.5.7-1.fc6 | FEDORA | www.redhat.com | |
| SUSE Updates for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | |
| Fedora update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| issues.rpath.com/browse/RPL-1725 | CONFIRM | issues.rpath.com | |
| Debian update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora 7 Update: kdebase-3.5.7-13.1.fc7 | FEDORA | www.redhat.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| KDE KDM Unspecified Password Authentication Bypass Vulnerability | BID | www.securityfocus.com | Patch |
| KDE KDM Login Password Check Security Bypass - Advisories - Secunia | SECUNIA | secunia.com | |
| KDE Autologin Authentication Bug May Let Remote Users Login Without a Password - SecurityTracker | SECTRACK | securitytracker.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Red Hat update for kdebase - Advisories - Secunia | SECUNIA | secunia.com | |
| KDM: Local privilege escalation — Gentoo Linux Documentation | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.