Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2003-0690
Last Modified: 10 Sep 2008 03:20:09
Published: 06 Oct 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0690

Summary

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Vulnerable Systems

Operating System

  • KDE 1.1
  • KDE 1.1.1
  • KDE 1.1.2
  • KDE 1.2
  • KDE 2.0
  • KDE 2.0 Beta
  • KDE 2.0.1
  • KDE 2.1
  • KDE 2.1.1
  • KDE 2.1.2
  • KDE 2.2
  • KDE 2.2.1
  • KDE 2.2.2
  • KDE 3.0
  • KDE 3.0.1
  • KDE 3.0.2
  • KDE 3.0.3
  • KDE 3.0.3a
  • KDE 3.0.4
  • KDE 3.0.5
  • KDE 3.0.5a
  • KDE 3.0.5b
  • KDE 3.1
  • KDE 3.1.1
  • KDE 3.1.1a
  • KDE 3.1.2
  • KDE 3.1.3

References

REDHAT - RHSA-2003:270

CONFIRM - http://www.kde.org/info/security/advisory-20030916-1.txt

BUGTRAQ - 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities

REDHAT - RHSA-2003:289

REDHAT - RHSA-2003:286

DEBIAN - DSA-443

DEBIAN - DSA-388

MISC - http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

REDHAT - RHSA-2003:288

REDHAT - RHSA-2003:287

MANDRAKE - MDKSA-2003:091

CONECTIVA - CLA-2003:747


Last Updated: 27 May 2016 10:38:00