BID:25730

KDE KDM Unspecified Password Authentication Bypass Vulnerability

Info

KDE KDM Unspecified Password Authentication Bypass Vulnerability

Bugtraq ID:	25730
Class:	Access Validation Error
CVE:	CVE-2007-4569
Remote:	No
Local:	Yes
Published:	Sep 19 2007 12:00AM
Updated:	Oct 24 2007 03:07PM
Credit:	Kees Huijgen is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SuSE Linux 10.1 SuSE Linux 10.0 Slackware Linux 12.0 S.u.S.E. openSUSE 10.3 rPath rPath Linux 1 Redhat Fedora Core7 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux Desktop version 4 Redhat Enterprise Linux 5 Server Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 KDE KDE 3.5.7 KDE KDE 3.5.6 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5.1 KDE KDE 3.5 KDE KDE 3.4.3 KDE KDE 3.4.2 KDE KDE 3.4.1 + Redhat Fedora Core4 KDE KDE 3.4 KDE KDE 3.3.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.1 + Debian Linux 3.1 KDE KDE 3.3.1 + Redhat Fedora Core3 KDE KDE 3.3 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0

Not Vulnerable:

Discussion

KDE KDM Unspecified Password Authentication Bypass Vulnerability

KDM is prone to an authentication-bypass vulnerability under certain circumstances.

Attackers can exploit this issue to gain superuser privileges, resulting in the complete compromise of affected computers.

This issue affects KDM shipped with KDE 3.3.0 up to and including 3.5.7.

Exploit / POC

KDE KDM Unspecified Password Authentication Bypass Vulnerability

A specific exploit is not required. An attacker simply needs to know a valid username.

Solution / Fix

KDE KDM Unspecified Password Authentication Bypass Vulnerability

Solution:
The vendor released patches and an advisory to address this issue. Please see the references for more information.

Slackware Linux 12.0