KDM does not check for successful completion of the pam_setcred() call. In case of error conditions in the installed PAM modules, KDM might grant local root access to any user with valid login credentials. It has been reported that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call, leaving the session alive and providing root access to a regular user. This issue will be public on September 8th, 2003.
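To show the flaw described above, here is an added illustration (not KDM's or Linux-PAM's code): the login flow that drops pam_setcred()'s return value beside the checked one, run against a simulated PAM stack so it compiles without libpam. The sim_* functions, module stacks and the failing "pam_krb5" entry are constructed stand-ins.

```c
/* Added illustration, not KDM's or Linux-PAM's code. pam_* calls are
 * simulated by a small module stack so the block runs without libpam;
 * only the control flow around the calls is the point. */
#include <stdbool.h>

#define PAM_SUCCESS  0     /* values as in Linux-PAM <security/pam_appl.h> */
#define PAM_CRED_ERR 17

/* A simulated PAM module: each stacked module implements both hooks. */
typedef struct {
    int (*authenticate)(void);
    int (*setcred)(void);
} sim_module;

typedef struct { const sim_module *mods; int count; } sim_handle;

static int sim_ok(void)        { return PAM_SUCCESS; }
static int sim_cred_fail(void) { return PAM_CRED_ERR; } /* models the misconfigured pam_krb5 */

/* Walk the stack like "required" modules: the first failure wins. */
static int sim_pam_authenticate(const sim_handle *h) {
    for (int i = 0; i < h->count; i++) {
        int rc = h->mods[i].authenticate();
        if (rc != PAM_SUCCESS) return rc;
    }
    return PAM_SUCCESS;
}
static int sim_pam_setcred(const sim_handle *h) {
    for (int i = 0; i < h->count; i++) {
        int rc = h->mods[i].setcred();
        if (rc != PAM_SUCCESS) return rc;
    }
    return PAM_SUCCESS;
}

/* The flawed pattern the report describes: pam_setcred()'s result is dropped,
 * so the session proceeds even when credential setup failed. */
static bool login_unchecked(const sim_handle *h) {
    if (sim_pam_authenticate(h) != PAM_SUCCESS) return false;
    sim_pam_setcred(h);               /* return value ignored */
    return true;                      /* session started regardless */
}

/* Hardened pattern: every step is checked and a failure ends the login
 * (a real client would call pam_end(handle, rc) here before refusing). */
static bool login_checked(const sim_handle *h) {
    if (sim_pam_authenticate(h) != PAM_SUCCESS) return false;
    if (sim_pam_setcred(h) != PAM_SUCCESS) return false;
    return true;
}

/* Constructed stacks: a healthy one, and one whose setcred step fails. */
static const sim_module healthy[] = {{sim_ok, sim_ok}};
static const sim_module broken[]  = {{sim_ok, sim_ok}, {sim_ok, sim_cred_fail}};
static const sim_handle healthy_stack = {healthy, 1};
static const sim_handle broken_stack  = {broken, 2};
```

With the broken stack, login_unchecked() still returns true while login_checked() refuses the session.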
Erratum has been delayed until Sep 15 due to an additional issue being found, CAN-2003-0692, weak session cookies used by kdm. Erratum RHSA-2003:270 in progress.
Erratum was released on 16th September, now public. http://www.kde.org/info/security/advisory-20030916-1.txt
An erratum has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-270.html