Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0692
Last Modified 10 Sep 2008 03:20:09
Published 06 Oct 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0692

Summary

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Vulnerable Systems

Operating System

  • KDE 1.1
  • KDE 1.1.1
  • KDE 1.1.2
  • KDE 1.2
  • KDE 2.0
  • KDE 2.0 Beta
  • KDE 2.0.1
  • KDE 2.1
  • KDE 2.1.1
  • KDE 2.1.2
  • KDE 2.2
  • KDE 2.2.1
  • KDE 2.2.2
  • KDE 3.0
  • KDE 3.0.1
  • KDE 3.0.2
  • KDE 3.0.3
  • KDE 3.0.3a
  • KDE 3.0.4
  • KDE 3.0.5
  • KDE 3.0.5a
  • KDE 3.0.5b
  • KDE 3.1
  • KDE 3.1.1
  • KDE 3.1.1a
  • KDE 3.1.2
  • KDE 3.1.3


References

REDHAT - RHSA-2003:270

CONFIRM - http://www.kde.org/info/security/advisory-20030916-1.txt

DEBIAN - DSA-388

MISC - http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

REDHAT - RHSA-2003:288

MANDRAKE - MDKSA-2003:091

BUGTRAQ - 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities

CONECTIVA - CLA-2003:747


Last Updated: 27 May 2016 10:38:00