CVE-2010-0436: Race Condition
First published: Thu Mar 04 2010(Updated: )
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE SC | =2.2.0 | |
| KDE SC | =3.5.10 | |
| KDE SC | =4.1.2 | |
| KDE SC | =4.2.2 | |
| KDE SC | =4.3.0 | |
| KDE SC | =4.3.1 | |
| KDE SC | =4.3.4 | |
| KDE SC | =4.3.5 | |
| KDE SC | =4.4.0 | |
| KDE SC | =4.4.1 | |
| KDE SC | =4.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/39419
- https://bugzilla.redhat.com/show_bug.cgi?id=570613
- http://www.securityfocus.com/bid/39467
- http://www.vupen.com/english/advisories/2010/0879
- http://rhn.redhat.com/errata/RHSA-2010-0348.html
- http://www.kde.org/info/security/advisory-20100413-1.txt
- http://secunia.com/advisories/39481
- http://www.debian.org/security/2010/dsa-2037
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
- http://secunia.com/advisories/39506
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=397924&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=397924&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=400244&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=400244&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=401213&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=401213&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=570613#c2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=570613#c8
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=401214&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=401214&action=edit
- https://rhn.redhat.com/errata/RHSA-2010-0348.html
- http://admin.fedoraproject.org/updates/kdebase-workspace-4.4.2-5.fc13
- http://admin.fedoraproject.org/updates/kdeaccessibility-4.4.2-1.fc11,kdeadmin-4.4.2-1.fc11,kdeartwork-4.4.2-1.fc11,kdebase-4.4.2-1.fc11,kdebase-runtime-4.4.2-1.fc11,kdebase-workspace-4.4.2-5.fc11,kdebindings-4.4.2-1.fc11,kdeedu-4.4.2-1.fc11,kdegames-4.4.2-1.fc11,kdegraphics-4.4.2-3.fc11,kdelibs-4.4.2-2.fc11,kdemultimedia-4.4.2-2.fc11,kdenetwork-4.4.2-1.fc11,kdepim-4.4.2-1.fc11,kdepim-runtime-4.4.2-1.fc11,kdepimlibs-4.4.2-1.fc11,kdeplasma-addons-4.4.2-1.fc11,kdesdk-4.4.2-1.fc11,kdetoys-4.4.2-1.fc11,kdeutils-4.4.2-1.fc11.1,oxygen-icon-theme-4.4.2-1.fc11,sip-4.10.1-2.fc11,PyQt4-4.7.2-2.fc11,konq-plugins-4.4.0-3.fc11
- http://admin.fedoraproject.org/updates/kdeaccessibility-4.4.2-1.fc12,kdeadmin-4.4.2-1.fc12,kdeartwork-4.4.2-1.fc12,kdebase-4.4.2-1.fc12,kdebase-runtime-4.4.2-1.fc12,kdebase-workspace-4.4.2-5.fc12,kdebindings-4.4.2-1.fc12,kdeedu-4.4.2-1.fc12,kdegames-4.4.2-1.fc12,kdegraphics-4.4.2-3.fc12,kdelibs-4.4.2-2.fc12,kdemultimedia-4.4.2-2.fc12,kdenetwork-4.4.2-1.fc12,kdepim-4.4.2-1.fc12,kdepim-runtime-4.4.2-1.fc12,kdepimlibs-4.4.2-1.fc12,kdeplasma-addons-4.4.2-1.fc12,kdesdk-4.4.2-1.fc12,kdetoys-4.4.2-1.fc12,kdeutils-4.4.2-1.fc12,oxygen-icon-theme-4.4.2-1.fc12,sip-4.10.1-2.fc12,PyQt4-4.7.2-2.fc12,konq-plugins-4.4.0-3.fc12
Frequently Asked Questions
What is the severity of CVE-2010-0436?
CVE-2010-0436 is classified as a high severity vulnerability due to the potential for privilege escalation.
How do I fix CVE-2010-0436?
To mitigate CVE-2010-0436, upgrade to a patched version of KDE Software Compilation that addresses the race condition issue.
Who is affected by CVE-2010-0436?
Local users on systems running affected versions of KDE Software Compilation are at risk of CVE-2010-0436.
What systems are vulnerable to CVE-2010-0436?
CVE-2010-0436 impacts KDE Software Compilation versions ranging from 2.2.0 to 4.4.2.
What is the nature of the exploit for CVE-2010-0436?
The exploit of CVE-2010-0436 involves a race condition that allows unauthorized permission changes to arbitrary files.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0436
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- vendor/kde
- canonical/kde sc
- version/kde sc/2.2.0
- version/kde sc/3.5.10
- version/kde sc/4.1.2
- version/kde sc/4.2.2
- version/kde sc/4.3.0
- version/kde sc/4.3.1
- version/kde sc/4.3.4
- version/kde sc/4.3.5
- version/kde sc/4.4.0
- version/kde sc/4.4.1
- version/kde sc/4.4.2