KDM: Local privilege escalation — GLSA 200710-15

KDM allows logins without password under certain circumstances allowing a local user to gain elevated privileges.

Affected Packages

kde-base/kdm on all architectures
Affected versions < 3.5.7-r2
Unaffected versions >= 3.5.7-r2
kde-base/kdebase on all architectures
Affected versions < 3.5.7-r4
Unaffected versions >= 3.5.7-r4

Background

KDM is the Display Manager for the graphical desktop environment KDE. It is part of the kdebase package.

Description

Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured for at least one user and a password is required to shut down the machine.

Impact

A local attacker could gain root privileges and execute arbitrary commands by logging in as root without specifying root's password.

Workaround

There is no known workaround at this time.

Resolution

All KDM users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/kdm-3.5.7-r2"

All kdebase users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.5.7-r4"

References

Release Date
October 14, 2007

Latest Revision
October 14, 2007: 01

Severity
high

Exploitable
local

Bugzilla entries