6.9

CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Sc Version2.2.0
KdeKde Sc Version3.5.10
KdeKde Sc Version4.1.2
KdeKde Sc Version4.2.2
KdeKde Sc Version4.3.0
KdeKde Sc Version4.3.1
KdeKde Sc Version4.3.4
KdeKde Sc Version4.3.5
KdeKde Sc Version4.4.0
KdeKde Sc Version4.4.1
KdeKde Sc Version4.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.194
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html
http://rhn.redhat.com/errata/RHSA-2010-0348.html
http://secunia.com/advisories/39419
Vendor Advisory
http://secunia.com/advisories/39481
http://secunia.com/advisories/39506
http://www.debian.org/security/2010/dsa-2037
http://www.kde.org/info/security/advisory-20100413-1.txt
Vendor Advisory
http://www.securityfocus.com/bid/39467
http://www.vupen.com/english/advisories/2010/0879
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=570613
https://exchange.xforce.ibmcloud.com/vulnerabilities/57823
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999