CVE-2007-4569

CWE-2649 documents7 sources

Severity

6.8MEDIUM

EPSS

0.3%

top 49.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE KDE

Timeline

PublishedSep 21

Latest updateMay 1

Description

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

▶NVDkde/kde18 versions+17

Patches

Patch: www.kde.org ↗Patch: www.securityfocus.com ↗Patch: www.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-mj8p-r5gp-w6p8: backend/session↗2022-05-01

▶

CVEList

CVE-2007-4569: backend/session↗2007-09-21

▶

💥Exploits & PoCs

Exploit-DB

Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash↗2007-07-31

▶

📋Vendor Advisories

Ubuntu

kdm vulnerability↗2007-09-25

▶

Red Hat

kdm password-less login vulnerability↗2007-09-19

▶

💬Community

Bugzilla

CVE-2007-4569 kdm password-less login vulnerability [FC6]↗2007-09-21

▶

Bugzilla

CVE-2007-4569 kdm password-less login vulnerability [F7]↗2007-09-21

▶

Bugzilla

CVE-2007-4569 kdm password-less login vulnerability↗2007-09-12

▶