CVE-2007-4569
First published: Fri Sep 21 2007(Updated: )
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE Kde Beta 3 | =3.3.2 | |
| KDE Kde Beta 3 | =3.3.1 | |
| KDE Kde Beta 3 | =3.5.5 | |
| KDE Kde Beta 3 | =3.4.3 | |
| KDE Kde Beta 3 | =3.5.2 | |
| KDE Kde Beta 3 | =3.4.0 | |
| KDE Kde Beta 3 | =3.4 | |
| KDE Kde Beta 3 | =3.5.0 | |
| KDE Kde Beta 3 | =3.5.4 | |
| KDE Kde Beta 3 | =3.5.7 | |
| KDE Kde Beta 3 | =3.5 | |
| KDE Kde Beta 3 | =3.5.3 | |
| KDE Kde Beta 3 | =3.3 | |
| KDE Kde Beta 3 | =3.5.1 | |
| KDE Kde Beta 3 | =3.4.2 | |
| KDE Kde Beta 3 | =3.5.6 | |
| KDE Kde Beta 3 | =3.4.1 | |
| KDE Kde Beta 3 | =3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20070919-1.txt
- http://www.securityfocus.com/bid/25730
- https://issues.rpath.com/browse/RPL-1725
- http://www.debian.org/security/2007/dsa-1376
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
- http://security.gentoo.org/glsa/glsa-200710-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
- http://www.redhat.com/support/errata/RHSA-2007-0905.html
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
- http://www.ubuntu.com/usn/usn-517-1
- http://securitytracker.com/id?1018724
- http://secunia.com/advisories/26929
- http://secunia.com/advisories/26894
- http://secunia.com/advisories/26904
- http://secunia.com/advisories/26915
- http://secunia.com/advisories/26977
- http://secunia.com/advisories/27089
- http://secunia.com/advisories/27106
- http://secunia.com/advisories/27096
- http://secunia.com/advisories/27180
- http://secunia.com/advisories/27271
- http://www.vupen.com/english/advisories/2007/3227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359
Frequently Asked Questions
What is the severity of CVE-2007-4569?
CVE-2007-4569 is considered a high severity vulnerability due to the potential for remote attackers to gain unauthorized access.
How do I fix CVE-2007-4569?
To fix CVE-2007-4569, ensure that autologin is not configured and disable the 'shutdown with password' option in KDM settings.
Which versions of KDE are affected by CVE-2007-4569?
CVE-2007-4569 affects KDE versions 3.3.0 to 3.5.7 including various specific updates within that range.
What type of attack does CVE-2007-4569 allow?
CVE-2007-4569 allows remote attackers to bypass password authentication and log in to arbitrary accounts.
Is CVE-2007-4569 still a threat today?
CVE-2007-4569 may still pose a threat to systems that have not been updated and continue to use affected versions of KDE.
- agent/remedy
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/kde
- canonical/kde kde beta 3
- version/kde kde beta 3/3.3.2
- version/kde kde beta 3/3.3.1
- version/kde kde beta 3/3.5.5
- version/kde kde beta 3/3.4.3
- version/kde kde beta 3/3.5.2
- version/kde kde beta 3/3.4.0
- version/kde kde beta 3/3.4
- version/kde kde beta 3/3.5.0
- version/kde kde beta 3/3.5.4
- version/kde kde beta 3/3.5.7
- version/kde kde beta 3/3.5
- version/kde kde beta 3/3.5.3
- version/kde kde beta 3/3.3
- version/kde kde beta 3/3.5.1
- version/kde kde beta 3/3.4.2
- version/kde kde beta 3/3.5.6
- version/kde kde beta 3/3.4.1
- version/kde kde beta 3/3.3.0