CVE-2007-4569 Information
Description
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and log in to arbitrary accounts via unspecified vectors.
Reference
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/26894
http://secunia.com/advisories/26904
http://secunia.com/advisories/26915
http://secunia.com/advisories/26929
http://secunia.com/advisories/26977
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27180
http://secunia.com/advisories/27271
http://security.gentoo.org/glsa/glsa-200710-15.xml
http://securitytracker.com/id?1018724
http://www.debian.org/security/2007/dsa-1376
http://www.kde.org/info/security/advisory-20070919-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:190
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securityfocus.com/bid/25730
http://www.ubuntu.com/usn/usn-517-1
http://www.vupen.com/english/advisories/2007/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/36711
https://issues.rpath.com/browse/RPL-1725
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10359
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html