CVE-2006-2449
rPSA-2006-0106-1.txt
Public Exploits: 0
Exploited in Wild: -
Descriptions
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
KDE Display Manager (KDM) in KDE v3.2.0 to v3.5.3 allows local users to read files of their choosing via a symlink attack related to the session type chosen at login.
KDM allows the user to select the session type for login. This setting is permanently stored in the user's home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. KDM as shipped with KDE 3.2.0 up to and including 3.5.3 is affected. KDE 3.1.x and older, and versions newer than KDE 3.5.3, are not affected.
Timeline
- 2006-05-18 CVE Reserved
- 2006-06-15 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-22 EPSS Updated
References (27)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1016297 | Vdb Entry | |
http://www.osvdb.org/26511 | Vdb Entry | |
http://www.securityfocus.com/archive/1/437133/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/437322/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/18431 | Vdb Entry | |
http://www.vupen.com/english/advisories/2006/2355 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27181 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844 | Signature | |
URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2006-0548.html | 2018-10-18 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kde | Kde | 3.2 | - | Affected |
Kde | Kde | 3.2.1 | - | Affected |
Kde | Kde | 3.2.2 | - | Affected |
Kde | Kde | 3.2.3 | - | Affected |
Kde | Kde | 3.3 | - | Affected |
Kde | Kde | 3.3.1 | - | Affected |
Kde | Kde | 3.3.2 | - | Affected |
Kde | Kde | 3.4 | - | Affected |
Kde | Kde | 3.4.1 | - | Affected |
Kde | Kde | 3.4.2 | - | Affected |
Kde | Kde | 3.4.3 | - | Affected |
Kde | Kde | 3.5 | - | Affected |
Kde | Kde | 3.5.2 | - | Affected |
Kde | Kde | 3.5.3 | - | Affected |