[Pardus-kullanicilari] Big vulnerability in KDE, for your information
mengucek
mengucek at gmail.com
15 Jun 2006 Thu 19:48:49 EEST
hello...
who knows.. maybe one of our brothers will turn up and explain the Turkish meaning of this "big vulnerability"..
at least roughly, just a little :)
he might even.. if needed-if necessary-if possible.. say "do this, like so"..
because.. my learning to catch this English fish is a veeery long job :)
take care :)
On Thursday 15 June 2006 at 10:36, Ömer F. USTA wrote:
> 0. References
>
> CVE-2006-2449
>
>
> 1. Systems affected:
>
> KDM as shipped with KDE 3.2.0 up to and including 3.5.3. KDE 3.1.x and
> older and newer versions than KDE 3.5.3 are not affected.
>
>
> 2. Overview:
>
> KDM allows the user to select the session type for login. This
> setting is permanently stored in the user home directory. By
> using a symlink attack, KDM can be tricked into allowing the
> user to read file content that would otherwise be unreadable
> to this particular user. This vulnerability was discovered
> and reported by Ludwig Nussel.
>
>
> 3. Impact:
>
> KDM might allow a normal user to read the content of /etc/shadow
> or other files, which allows compromising the privacy of another
> user or even the security of the whole system.
>
> 4. Solution:
>
> Source code patches have been made available which fix these
> vulnerabilities. Contact your OS vendor / binary package provider
> for information about how to obtain updated binary packages.
>
>
> 5. Patch:
>
> A patch for KDE 3.4.0 - KDE 3.5.3 is available from
> ftp://ftp.kde.org/pub/kde/security_patches :
>
> 9daecff07d57dabba35da247e752916a post-3.5.0-kdebase-kdm.diff
>
> A patch for KDE 3.3.x is available from
> ftp://ftp.kde.org/pub/kde/security_patches :
>
> f2e1424d97f2cd18674bef833274c5e3 post-3.3.0-kdebase-kdm.diff
>
> A patch for KDE 3.2.x is available from
> ftp://ftp.kde.org/pub/kde/security_patches :
>
> 8aa6b41cccca4216c6eb1cf705c2370a post-3.2.0-kdebase-kdm.diff