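Vulnerability Details
KDE KDM Session Type Configuration File Symlink Information Disclosure Vulnerability
- CNNVD ID: CNNVD-200606-298
- Severity: Medium
- CVE ID: CVE-2006-2449
- Vulnerability type: Other
- Published: 2006-06-15
- Threat type: Local
- Updated: 2006-10-25
- Vendor: kde
- Vulnerability source: Ludwig Nussel lnus…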
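Vulnerability Summary
KDE is a powerful open-source graphical desktop environment designed for UNIX workstations. KDM, which is bundled with KDE, lets users choose the session type for their login.
KDM has a flaw in how it handles the user's configuration file, and an attacker may exploit it to read sensitive system files without authorization.
KDM's settings are stored in the user's home directory. Through a symlink attack, KDM can be tricked into letting a user read content that is normally unreadable to them, such as the /etc/shadow file.
Vulnerability Advisory
The vendor has released patches; download them from the vendor's home page: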
KDE aRts 1.3.2
Slackware arts-1.4.2-i486-2_slack10.2.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ arts-1.4.2-i486-2_slack10.2.tgz
KDE KDE 3.2
KDE post-3.2.0-kdebase-kdm.diff
ftp://ftp.kde.org/pub/kde/security_patches
Mandriva kdebase-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-3.2-79.16.C30mdk.src.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-3.2-79.16.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-common-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-common-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kate-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kate-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-kcontrol-data-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kcontrol-data-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-kdeprintfax-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kdeprintfax-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-kdm-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kdm-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-kdm-config-file-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kdm-config-file-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-kmenuedit-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-kmenuedit-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-konsole-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-konsole-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-nsplugins-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-nsplugins-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva kdebase-progs-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva kdebase-progs-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-devel-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-kate-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-kate-devel-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-kmenuedit-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-konsole-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-nsplugins-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64kdebase4-nsplugins-devel-3.2-79.16.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva libkdebase4-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva libkdebase4-devel-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva libkdebase4-kate-3.2-79.16.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva libkdebase4-kate-de
References
Source: UBUNTU
Name: USN-301-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-301-1
Source: BUGTRAQ
Name: 20060614 [KDE Security Advisory] KDM symlink attack vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/437133/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0548
Link: http://www.redhat.com/support/errata/RHSA-2006-0548.html
Source: BID
Name: 18431
Link: http://www.securityfocus.com/bid/18431
Source: BUGTRAQ
Name: 20060615 rPSA-2006-0106-1 kdebase
Link: http://www.securityfocus.com/archive/1/archive/1/437322/100/0/threaded
Source: OSVDB
Name: 26511
Source: SUSE
Name: SUSE-SA:2006:039
Link: http://www.novell.com/linux/security/advisories/2006_39_kdm.html
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20060614-1.txt
Source: GENTOO
Name: GLSA-200606-23
Link: http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml
Source: VUPEN
Name: ADV-2006-2355
Link: http://www.frsirt.com/english/advisories/2006/2355
Source: DEBIAN
Name: DSA-1156
Link: http://www.debian.org/security/2006/dsa-1156
Source: SLACKWARE
Name: SSA:2006-178-01
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467
Source: SECTRACK
Name: 1016297
Link: http://securitytracker.com/id?1016297
Source: SECUNIA
Name: 21662
Link: http://secunia.com/advisories/21662
Source: SECUNIA
Name: 20890
Link: http://secunia.com/advisories/20890
Source: SECUNIA
Name: 20869
Link: http://secunia.com/advisories/20869
Source: SECUNIA
Name: 20785
Link: http://secunia.com/advisories/20785
Source: SECUNIA
Name: 20702
Link: http://secunia.com/advisories/20702
Source: SECUNIA
Name: 20674
Link: http://secunia.com/advisories/20674
Source: SECUNIA
Name: 20660
Link: http://secunia.com/advisories/20660
Source: SECUNIA
Name: 20602
Link: http://secunia.com/advisories/20602
Source: MANDRIVA
Name: MDKSA-2006:106
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:106
Source: MANDRIVA
Name: MDKSA-2006:105
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:105
Source: XF
Name: kde-kdm-symlink(27181)
Link: http://xforce.iss.net/xforce/xfdb/27181
Source: MANDRIVA
Name: MDKSA-2006:106
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:106
Source: MANDRIVA
Name: MDKSA-2006:105
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:105