CVE-2007-4569

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

CVSS v2.0 6.8

6.8^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References

Link	Resource
http://www.kde.org/info/security/advisory-20070919-1.txt	Patch Vendor Advisory
http://www.securityfocus.com/bid/25730	Patch
https://issues.rpath.com/browse/RPL-1725
http://www.debian.org/security/2007/dsa-1376
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
http://security.gentoo.org/glsa/glsa-200710-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.ubuntu.com/usn/usn-517-1
http://securitytracker.com/id?1018724
http://secunia.com/advisories/26929
http://secunia.com/advisories/26894
http://secunia.com/advisories/26904
http://secunia.com/advisories/26915
http://secunia.com/advisories/26977
http://secunia.com/advisories/27089
http://secunia.com/advisories/27106
http://secunia.com/advisories/27096
http://secunia.com/advisories/27180
http://secunia.com/advisories/27271
http://www.vupen.com/english/advisories/2007/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359

Configurations

Configuration 1

cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.5:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.4.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.0:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.4:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.7:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.1:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.5.6:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3.0:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-09-21 07:17

Updated : 2017-09-29 01:29

NVD link : CVE-2007-4569

Mitre link : CVE-2007-4569

Products Affected

No products.

CWE

CWE-264