Debian Security Advisory DSA 1376-1 (kdebase) Network Vulnerability

Summary

The remote host is missing an update to kdebase announced via advisory DSA 1376-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201376-1

Insight

iKees Huijgen discovered that under certain circumstances KDM, an X session manage for KDE, it is possible for KDM to be tricked into allowing user logins without a password. For the stable distribution (etch), this problem has been fixed in version 4:3.5.5a.dfsg.1-6etch1. For the old stable distribution (sarge), this problem was not present. We recommend that you upgrade your kdebase package.

Severity

Classification

CVE CVE-2007-4569

CVSS	Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 067-1 (apache,apache-ssl)
Debian Security Advisory DSA 041-1 (joe)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 080-1 (htdig)

Take action and discover your vulnerabilities