CVE-2010-0436 — Race Condition in SC

CWE-362 — Race Condition6 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 92.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE SC

Timeline

PublishedApr 15

Latest updateMay 3

Description

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDkde/kde_sc11 versions+10

Patches

Patch: ftp.kde.org ↗Patch: www.vupen.com ↗Patch: ftp.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-pq8f-75fc-mgwf: Race condition in backend/ctrl↗2022-05-03

▶

CVEList

CVE-2010-0436: Race condition in backend/ctrl↗2010-04-15

▶

📋Vendor Advisories

Ubuntu

KDM vulnerability↗2010-04-19

▶

Red Hat

kdm privilege escalation flaw↗2010-04-13

▶

💬Community

Bugzilla

CVE-2010-0436 kdm privilege escalation flaw↗2010-03-04

▶