[Bug 176347] KDM local DoS with user images
Jonathan Riddell
jriddell at ubuntu.com
Fri Dec 14 12:30:51 UTC 2007
Public bug reported:
Binary package hint: kdebase
A regular user with a valid account is able to make login via KDM
impossible. A regular user can also cause KDM to exceed the
system resource limits.
KDM can be tricked into hanging or eating memory by reading from
special files (pipes or symlinks to devices), big or sparse files
created in the users home directory.
A regular user with a valid account is able to prepare his home
directory in a way that will make login via KDM impossible for
any user if KDM's user list display is enabled and users are
permitted to add their own images. Given that the account can be
identified easily, this issue is only sensitive for high
security environments.
** Affects: kdebase (Ubuntu)
Importance: Undecided
Status: New
** Affects: kdebase (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: kdebase (Ubuntu Edgy)
Importance: Undecided
Status: New
** Affects: kdebase (Ubuntu Feisty)
Importance: Undecided
Status: New
** Affects: kdebase (Ubuntu Gutsy)
Importance: Undecided
Status: New
** Affects: kdebase (Ubuntu Hardy)
Importance: Undecided
Status: New
--
KDM local DoS with user images
https://bugs.launchpad.net/bugs/176347
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for kdebase in ubuntu.
More information about the kubuntu-bugs
mailing list