Vulnerability Details CVE-2007-4569
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
- http://secunia.com/advisories/26894
- http://secunia.com/advisories/26904
- http://secunia.com/advisories/26915
- http://secunia.com/advisories/26929
- http://secunia.com/advisories/26977
- http://secunia.com/advisories/27089
- http://secunia.com/advisories/27096
- http://secunia.com/advisories/27106
- http://secunia.com/advisories/27180
- http://secunia.com/advisories/27271
- http://security.gentoo.org/glsa/glsa-200710-15.xml
- http://securitytracker.com/id?1018724
- http://www.debian.org/security/2007/dsa-1376
- http://www.kde.org/info/security/advisory-20070919-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
- http://www.redhat.com/support/errata/RHSA-2007-0905.html
- http://www.securityfocus.com/bid/25730
- http://www.ubuntu.com/usn/usn-517-1
- http://www.vupen.com/english/advisories/2007/3227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
- https://issues.rpath.com/browse/RPL-1725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
- http://secunia.com/advisories/26894
- http://secunia.com/advisories/26904
- http://secunia.com/advisories/26915
- http://secunia.com/advisories/26929
- http://secunia.com/advisories/26977
- http://secunia.com/advisories/27089
- http://secunia.com/advisories/27096
- http://secunia.com/advisories/27106
- http://secunia.com/advisories/27180
- http://secunia.com/advisories/27271
- http://security.gentoo.org/glsa/glsa-200710-15.xml
- http://securitytracker.com/id?1018724
- http://www.debian.org/security/2007/dsa-1376
- http://www.kde.org/info/security/advisory-20070919-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
- http://www.redhat.com/support/errata/RHSA-2007-0905.html
- http://www.securityfocus.com/bid/25730
- http://www.ubuntu.com/usn/usn-517-1
- http://www.vupen.com/english/advisories/2007/3227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
- https://issues.rpath.com/browse/RPL-1725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
Products affected by CVE-2007-4569
-
cpe:2.3:o:kde:kde:3.3
-
cpe:2.3:o:kde:kde:3.3.0
-
cpe:2.3:o:kde:kde:3.3.1
-
cpe:2.3:o:kde:kde:3.3.2
-
cpe:2.3:o:kde:kde:3.4
-
cpe:2.3:o:kde:kde:3.4.0
-
cpe:2.3:o:kde:kde:3.4.1
-
cpe:2.3:o:kde:kde:3.4.2
-
cpe:2.3:o:kde:kde:3.4.3
-
cpe:2.3:o:kde:kde:3.5
-
cpe:2.3:o:kde:kde:3.5.0
-
cpe:2.3:o:kde:kde:3.5.1
-
cpe:2.3:o:kde:kde:3.5.2
-
cpe:2.3:o:kde:kde:3.5.3
-
cpe:2.3:o:kde:kde:3.5.4
-
cpe:2.3:o:kde:kde:3.5.5
-
cpe:2.3:o:kde:kde:3.5.6
-
cpe:2.3:o:kde:kde:3.5.7