Login Vulnerability in KDE 3.3.0 through 3.5.7
The KDE Display Manager (KDM) can be exploited to allow users to log in without a password. This would give users the ability to log in as other users or even root.
The threat affects password-protected accounts in specific conditions; for example if auto-login is configured and the function "shutdown with password" is enabled. The vulnerability which as been assigned the CVE ID 2007-4569 was disclosed on the KDE Announce mailing list.
It affects KDE versions 3.3.0 through 3.5.7. Older or newer versions are not affected. Source code patches are available for KDE 3.5.0 through KDE 3.5.7 and for KDE 3.3.0 through KDE 3.4.2 on the KDE project's FTP server.
Issue 240/2020
Buy this issue as a PDF
News
-
Microsoft is Finally Set to Release Edge Browser for Linux
Chromium-based MS Edge browser will soon be available for testing on Linux.
-
Lenovo Now Offering Ubuntu 20.04 as an Option
Lenovo is making good on its promise to support Linux as a pre-install option.
-
Linux Deepin 20 Released
One of the most beautiful Linux distributions on the market has been refreshed.
-
A New Version of Zorin OS is Now Available
Fan-favorite, Zorin OS 15.3 is officially available.
-
Lenovo Now Offering Fedora Linux as an Option
Lenovo is making good on their Linux promise by adding Fedora into the mix.
-
System76 Launches New High-End Laptop
System76 has unleashed a beast of a mobile workstation.
-
Mozilla Lays Off Staff, Receives More Cash
In a restructuring move, Mozilla lays off 250 employees, but then inks large deal with Google.
-
LibreOffice 7 Now Available
The LibreOffice 7 office suite is now available with important compatibility improvements.
-
Microsoft Brings procmon to Linux
The creators of Windows have brought the sysinternals procmon tool to the open source operating system.
-
New KDE Slimbook Available
The makers of the KDE Slimbook have released a Ryzen-4000 powered laptop.