Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9999

Version

Class

vulnerability

ALTXid

1587

Language

English

Severity

NotAvailable

Title

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

Description

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:22:35.831-04:00 : status_change DRAFT
- 2010-08-16T04:15:27.675-04:00 : status_change INTERIM
- 2010-09-06T04:16:36.709-04:00 : status_change ACCEPTED
- 2013-04-10T17:31:00.062-04:00 : modified EDITED oval:org.mitre.oval:def:9999 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T17:35:23.622-04:00 : status_change INTERIM
- 2013-04-29T04:24:01.633-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2010-0436

Criteria

Expand All

Collapse All

AND

OS Section: RHEL4, CentOS4, Oracle Linux 4

OR	RHEL4, CentOS4 or Oracle Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11831) The operating system installed on the system is Red Hat Enterprise Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16636) CentOS Linux 4.x
EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15990) Oracle Linux 4.x

OR Configuration section
- CRITERION kdebase is earlier than 6:3.3.1-13.el4_8.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:39507) check=at least one, check_existence=at_least_one_exists, comment=kdebase is earlier than 6:3.3.1-13.el4_8.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14264)
      name kdebase
    - rpminfo_state (ID = oval:org.mitre.oval:ste:11441)
      evr datatype=evr_string | operation=less than | value=6:3.3.1-13.el4_8.1
- CRITERION kdebase-devel is earlier than 6:3.3.1-13.el4_8.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:40464) check=at least one, check_existence=at_least_one_exists, comment=kdebase-devel is earlier than 6:3.3.1-13.el4_8.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14419)
      name kdebase-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:11441)
      evr datatype=evr_string | operation=less than | value=6:3.3.1-13.el4_8.1

AND

OS Section: RHEL5, CentOS5, Oracle Linux 5

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR Configuration section
- CRITERION kdebase is earlier than 6:3.5.4-21.el5_5.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:40335) check=at least one, check_existence=at_least_one_exists, comment=kdebase is earlier than 6:3.5.4-21.el5_5.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14264)
      name kdebase
    - rpminfo_state (ID = oval:org.mitre.oval:ste:11308)
      evr datatype=evr_string | operation=less than | value=6:3.5.4-21.el5_5.1
- CRITERION kdebase-devel is earlier than 6:3.5.4-21.el5_5.1
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:40374) check=at least one, check_existence=at_least_one_exists, comment=kdebase-devel is earlier than 6:3.5.4-21.el5_5.1, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14419)
      name kdebase-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:11308)
      evr datatype=evr_string | operation=less than | value=6:3.5.4-21.el5_5.1


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	COMPLETE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	COMPLETE
Integrity impact:	COMPLETE
Availability impact:	COMPLETE