Launchpad CVE tracker

CVE 2007-4569

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

Related bugs and status

CVE-2007-4569 (Candidate) is related to these bugs:

Bug #107694: ksmserver: check for prelinking

Summary				In	Importance	Status
	107694	ksmserver: check for prelinking		kdebase (Ubuntu)	Undecided	Fix Released

Bug #139893: Konqueror-nsplugins don't depend of konqueror

Summary				In	Importance	Status
	139893	Konqueror-nsplugins don't depend of konqueror		kdebase (Ubuntu)	Undecided	Fix Released

Bug #141378: [Security] KDM Password-less login vulnerability

		In	Importance	Status
141378	[Security] KDM Password-less login vulnerability	kdebase (Ubuntu)	High	Fix Released
141378	[Security] KDM Password-less login vulnerability	kdebase (Ubuntu Dapper)	High	Fix Released
141378	[Security] KDM Password-less login vulnerability	kdebase (Ubuntu Edgy)	High	Fix Released
141378	[Security] KDM Password-less login vulnerability	kdebase (Ubuntu Gutsy)	High	Fix Released
141378	[Security] KDM Password-less login vulnerability	kdebase (Ubuntu Feisty)	High	Fix Released

Bug #141628: Compiz w/ kde screensaver blanks 1/4 screen

Summary				In	Importance	Status
	141628	Compiz w/ kde screensaver blanks 1/4 screen		compiz (Ubuntu)	Low	Invalid
	141628	Compiz w/ kde screensaver blanks 1/4 screen		kdebase (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4569

References