CVE-2007-4569

critical

Description

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359

https://issues.rpath.com/browse/RPL-1725

https://exchange.xforce.ibmcloud.com/vulnerabilities/36711

http://www.vupen.com/english/advisories/2007/3227

http://www.ubuntu.com/usn/usn-517-1

http://www.securityfocus.com/bid/25730

http://www.redhat.com/support/errata/RHSA-2007-0905.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:190

http://www.kde.org/info/security/advisory-20070919-1.txt

http://www.debian.org/security/2007/dsa-1376

http://securitytracker.com/id?1018724

http://security.gentoo.org/glsa/glsa-200710-15.xml

http://secunia.com/advisories/27271

http://secunia.com/advisories/27180

http://secunia.com/advisories/27106

http://secunia.com/advisories/27096

http://secunia.com/advisories/27089

http://secunia.com/advisories/26977

http://secunia.com/advisories/26929

http://secunia.com/advisories/26915

http://secunia.com/advisories/26904

http://secunia.com/advisories/26894

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

Details

Source: Mitre, NVD

Published: 2007-09-21

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics