KDE KDM Unspecified Local Denial of Service Vulnerability

Vulnerability ID: 1188165 | Vulnerability type: Unknown
Published: 2007-12-17 | Updated: 2009-01-19
CVE ID: CVE-2007-5963 | CNNVD-ID: CNNVD-200712-240
Platform: N/A | CVSS score: 4.7
|Vulnerability Source
https://www.securityfocus.com/bid/26909
https://cxsecurity.com/issue/WLB-2007120060
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200712-240
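|Vulnerability Details
An unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM logins unavailable, or resource consumption) via unknown vectors.
|Vulnerability EXP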
rPath Security Advisory: 2007-0268-1
Published: 2007-12-17
Products:
    rPath Linux 1

Rating: Major
Exposure Level Classification:
    Local Deterministic Denial of Service
Updated Versions:
    kdebase=conary.rpath.com@rpl:1/3.4.2-3.15-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1992

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5963

Description:
    Previous versions of the kdebase package are vulnerable to Denials of
    Service in which a local user can render KDM unusable for logins by any
    user or cause KDM to exceed system resource limits.
    
    In its default configuration, rPath Linux 1 is not vulnerable to the
    Denial of Service against KDM logins.

http://wiki.rpath.com/Advisories:rPSA-2007-0268

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
|Affected Products
rPath kdebase 3.4.2-3.15
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
|References

Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1992
Source: BUGTRAQ
Name: 20071218 rPSA-2007-0268-1 kdebase
Link: http://www.securityfocus.com/archive/1/485238
Source: FEDORA
Name: FEDORA-2008-1283
Link: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00038.html
Source: FEDORA
Name: FEDORA-2008-1264
Link: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00031.html
Source: MANDRIVA
Name: MDVSA-2009:017
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:017
Source: SECUNIA
Name: 28751
Link: http://secunia.com/advisories/28751
Source: OSVDB
Name: 41395
Link: http://osvdb.org/41395
Source: XF
Name: kdm-image-configuration-dos(39168)
Link: http://xforce.iss.net/xforce/xfdb/39168
Source: BID
Name: 26909
Link: http://www.securityfocus.com/bid/26909
Source: VUPEN
Name: ADV-2007-4267
Link: http://www.frsirt.com/english/advisories/2007/4267
Source: wiki.rpath.com
Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0268
Source: SREASON
Name: 3469
Link: http://securityreason.com/securityalert/3469
Source: SECUNIA
Name: 28181
Link: http://secunia.com/