Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2008-1671
Last Modified 07 Mar 2011 10:07:26
Published 28 Apr 2008 01:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1671

Summary

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that causes start_kdeinit to send SIGUSR1 signals to other processes.

Vulnerable Systems

Operating System

  • KDE 3.5.5

  • KDE 3.5.6

  • KDE 3.5.7

  • KDE 3.5.8

  • KDE 3.5.9


References

XF - kde-startkdeinit-privilege-escalation(42039)

VUPEN - ADV-2008-1370

UBUNTU - USN-608-1

SECTRACK - 1019924

BID - 28938

MANDRIVA - MDVSA-2008:097

CONFIRM - http://www.kde.org/info/security/advisory-20080426-2.txt

SECUNIA - 30113

SECUNIA - 29951

CONFIRM - ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff

GENTOO - GLSA-200804-30

SECUNIA - 29977

SUSE - SUSE-SR:2008:011


Last Updated: 27 May 2016 10:47:37