CVE-2010-0436

EPSS 0.03%
Published 15.04.2010 17:30:00
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Kde ≫ Kde Sc Version2.2.0

Kde ≫ Kde Sc Version3.5.10

Kde ≫ Kde Sc Version4.1.2

Kde ≫ Kde Sc Version4.2.2

Kde ≫ Kde Sc Version4.3.0

Kde ≫ Kde Sc Version4.3.1

Kde ≫ Kde Sc Version4.3.4

Kde ≫ Kde Sc Version4.3.5

Kde ≫ Kde Sc Version4.4.0

Kde ≫ Kde Sc Version4.4.1

Kde ≫ Kde Sc Version4.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.041

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html

ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html

http://rhn.redhat.com/errata/RHSA-2010-0348.html

http://secunia.com/advisories/39419

Vendor Advisory

http://secunia.com/advisories/39481

http://secunia.com/advisories/39506

http://www.debian.org/security/2010/dsa-2037

http://www.kde.org/info/security/advisory-20100413-1.txt

Vendor Advisory