Package: kdm
Version: 4:3.5.7-1
Severity: grave
Tags: security
Justification: user security hole

When using KDM with AutoLoginEnable=true and AutoLoginLocked=true, and using a KDE session, the session lock can be avoided by switching virtual consoles before the autologin starts (e.g. while the X server is still starting up, or during the AutoLoginDelay).

Regards,
Rogier.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-3-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages kdm depends on:
ii  debconf [debconf-2.0]  1.5.13             Debian configuration management sy
ii  kdebase-bin            4:3.5.7-1          core binaries for the KDE base mod
ii  kdebase-data           4:3.5.7-1          shared data files for the KDE base
ii  kdelibs4c2a            4:3.5.7.dfsg.1-1   core libraries and binaries for al
ii  libc6                  2.5-9+b1           GNU C Library: Shared libraries
ii  libgcc1                1:4.2-20070627-1   GCC support library
ii  libpam-runtime         0.79-4             Runtime support for the PAM librar
ii  libpam0g               0.79-4             Pluggable Authentication Modules l
ii  libqt3-mt              3:3.3.7-5          Qt GUI Library (Threaded runtime v
ii  libstdc++6             4.2-20070627-1     The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7          X11 client-side library
ii  libxau6                1:1.0.3-2          X11 authorisation library
ii  libxdmcp6              1:1.0.2-2          X11 Display Manager Control Protoc
ii  libxtst6               1:1.0.2-1          X11 Testing -- Resource extension
ii  xbase-clients          1:7.2.ds2-2        miscellaneous X clients

Versions of packages kdm recommends:
ii  logrotate              3.7.1-3            Log rotation utility

-- debconf information:
  kdm/stop_running_server_with_children: false
* shared/default-x-display-manager: kdm
  kdm/daemon_name: /usr/bin/kdm
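Added example, not part of the original report: a Python check that reads kdmrc contents and lists the display sections where AutoLoginEnable and AutoLoginLocked are both true, together with the AutoLoginDelay, so hosts that depend on the lock described above can be identified. The sample file contents, the function names, and the treatment of wildcard sections as plain defaults are assumptions made for this example.

```python
import configparser

# Constructed sample kdmrc contents (not taken from the bug report).
SAMPLE_KDMRC = """\
[X-*-Core]
AutoLoginLocked=true

[X-:0-Core]
AutoLoginEnable=true
AutoLoginUser=kiosk
AutoLoginDelay=10

[X-:1-Core]
AutoLoginEnable=false
"""

WILDCARDS = ["X-*-Core", "X-:*-Core"]  # least specific first


def is_true(value):
    return value.strip().lower() == "true"


def audit_kdmrc(text):
    """Return [(section, delay)] where auto-login starts a locked session."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in kdmrc
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not (name.startswith("X-") and name.endswith("-Core")):
            continue
        # Assumption: wildcard sections only supply defaults for more
        # specific ones; kdm's full precedence rules are not modelled.
        if name in WILDCARDS:
            chain = WILDCARDS[:WILDCARDS.index(name)]
        else:
            chain = list(WILDCARDS)
        eff = {}
        for layer in chain + [name]:
            if cp.has_section(layer):
                eff.update(cp.items(layer))
        # Keys that are absent are treated here as false / 0.
        if is_true(eff.get("AutoLoginEnable", "false")) and \
                is_true(eff.get("AutoLoginLocked", "false")):
            findings.append((name, int(eff.get("AutoLoginDelay", "0"))))
    return findings


if __name__ == "__main__":
    for section, delay in audit_kdmrc(SAMPLE_KDMRC):
        print(f"{section}: locked auto-login, AutoLoginDelay={delay}s")
```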

