PT-2010-5638 · Kde+1 · Kdebase-Bin+19
Sebastian Krahmer · Published 1970-01-01 · Updated 2024-06-15 · CVE-2010-0436
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
KDE Software Compilation (SC) versions 2.2.0 through 4.4.2
kdebase-devel versions 3.3.1 through 3.5.4
kdebase versions 3.3.1 through 3.5.4
kdebase-data (affected versions not specified)
kdebase-doc (affected versions not specified)
kdebase-doc-html (affected versions not specified)
kdebase-dbg (affected versions not specified)
kdebase-dev (affected versions not specified)
kdebase-bin (affected versions not specified)
kdebase-bin-kde3 (affected versions not specified)
kdebase-kio-plugins (affected versions not specified)
kdm (affected versions not specified)
khelpcenter (affected versions not specified)
konsole (affected versions not specified)
kdeeject (affected versions not specified)
kdesktop (affected versions not specified)
libkonq4 (affected versions not specified)
libkonq4-dev (affected versions not specified)
kdepasswd (affected versions not specified)
kdeprint (affected versions not specified)
Description
This entry covers multiple vulnerabilities in various KDE packages that can compromise the confidentiality, integrity, and availability of protected information and that are exploitable locally. A race condition in backend/ctrl.c of KDM in KDE Software Compilation (SC) allows local users to change the permissions of arbitrary files, and thereby gain privileges, by blocking the removal of a certain directory that contains a control socket. This is due to improper interaction with ksm.
Recommendations
For KDE Software Compilation (SC) versions 2.2.0 through 4.4.2, consider updating to a version outside of this range to mitigate the risk.
For kdebase-devel versions 3.3.1 through 3.5.4, consider updating to a version outside of this range to mitigate the risk.
For kdebase versions 3.3.1 through 3.5.4, consider updating to a version outside of this range to mitigate the risk.
For kdebase-data, kdebase-doc, kdebase-doc-html, kdebase-dbg, kdebase-dev, kdebase-bin, kdebase-bin-kde3, kdebase-kio-plugins, kdm, khelpcenter, konsole, kdeeject, kdesktop, libkonq4, libkonq4-dev, kdepasswd, and kdeprint, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Kde Software Compilation
Red Hat
Kdebase
Kdebase-Bin
Kdebase-Bin-Kde3
Kdebase-Data
Kdebase-Dbg
Kdebase-Devel
Kdebase-Doc
Kdebase-Doc-Html
Kdebase-Kio-Plugins
Kdeeject
Kdepasswd
Kdeprint
Kdesktop
Kdm
Help Center
Konsole
Libkonq4
Libkonq4-Dev