backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and shutdown with password is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kde | Kde | 3.3 (including) | 3.3 (including) |
| Kde | Kde | 3.3.0 (including) | 3.3.0 (including) |
| Kde | Kde | 3.3.1 (including) | 3.3.1 (including) |
| Kde | Kde | 3.3.2 (including) | 3.3.2 (including) |
| Kde | Kde | 3.4 (including) | 3.4 (including) |
| Kde | Kde | 3.4.0 (including) | 3.4.0 (including) |
| Kde | Kde | 3.4.1 (including) | 3.4.1 (including) |
| Kde | Kde | 3.4.2 (including) | 3.4.2 (including) |
| Kde | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Kde | Kde | 3.5 (including) | 3.5 (including) |
| Kde | Kde | 3.5.0 (including) | 3.5.0 (including) |
| Kde | Kde | 3.5.1 (including) | 3.5.1 (including) |
| Kde | Kde | 3.5.2 (including) | 3.5.2 (including) |
| Kde | Kde | 3.5.3 (including) | 3.5.3 (including) |
| Kde | Kde | 3.5.4 (including) | 3.5.4 (including) |
| Kde | Kde | 3.5.5 (including) | 3.5.5 (including) |
| Kde | Kde | 3.5.6 (including) | 3.5.6 (including) |
| Kde | Kde | 3.5.7 (including) | 3.5.7 (including) |
| Red Hat Enterprise Linux 4 | RedHat | kdebase-6:3.3.1-6.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | kdebase-6:3.5.4-15.el5 | * |
| Kdebase | Ubuntu | dapper | * |
| Kdebase | Ubuntu | devel | * |
| Kdebase | Ubuntu | edgy | * |
| Kdebase | Ubuntu | feisty | * |