Bug#374002: kdm: [CVE-2006-2449] KDM symlink attack vulnerability
Package: kdm
Version: 4:3.5.3-2
Severity: grave
Tags: security patch
Justification: user security hole
KDM allows the user to select the session type for login. This
setting is permanently stored in the user home directory. By
using a symlink attack, KDM can be tricked into allowing the
user to read file content that would otherwise be unreadable
to this particular user.
See http://www.kde.org/info/security/advisory-20060614-1.txt
(includes patch)
Please mention the CVE-id in the changelog.
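
An added example, not KDM's code and not the patch from the KDE advisory: one way a privileged process can read a per-user settings file while refusing a symlink planted at that path. The function name, the file names and the file contents are assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not KDM code: read a per-user settings file for
 * `owner`. Returns the number of bytes read, or -1 with errno set. */
ssize_t read_user_file(const char *path, uid_t owner, char *buf, size_t cap)
{
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the last component is a symlink.
     * O_NONBLOCK: do not hang if the user put a FIFO at the path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the opened descriptor, not the path, so nothing can be swapped
     * in between. The owner test also rejects hard links to foreign files. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Constructed scenario: a regular file and a symlink pointing at it.
 * Returns 1 if the regular file is read and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/kdmdemoXXXXXX", file[64], lnk[64], buf[32];
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/settings", dir);
    FILE *f = fopen(file, "w");
    if (!f || fputs("Session=kde\n", f) < 0 || fclose(f) != 0 || symlink(file, lnk) != 0)
        return -1;
    int ok = read_user_file(file, getuid(), buf, sizeof buf) == 12;
    int refused = read_user_file(lnk, getuid(), buf, sizeof buf) == -1 && errno == ELOOP;
    unlink(lnk); unlink(file); rmdir(dir);
    return ok && refused;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

O_NOFOLLOW only guards the final path component; performing the read with the user's own privileges instead of root's covers the whole path.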