CVE-2003-0692

Published: 06/10/2003 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

KDM in KDE 3.1.3 and previous versions uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows malicious users to guess session cookies via brute force methods and gain access to the user session.

Vulnerable Product

kde kde 2.0.1

kde kde 2.0_beta

kde kde 2.1

kde kde 3.0.1

kde kde 3.0.2

kde kde 3.1

kde kde 3.1.1

kde kde 1.1.1

kde kde 1.1.2

kde kde 2.2

kde kde 2.2.1

kde kde 3.0.4

kde kde 3.0.5

kde kde 3.1.3

kde kde 1.2

kde kde 2.0

kde kde 2.2.2

kde kde 3.0

kde kde 3.0.5a

kde kde 3.0.5b

kde kde 1.1

kde kde 2.1.1

kde kde 2.1.2

kde kde 3.0.3

kde kde 3.0.3a

kde kde 3.1.1a

kde kde 3.1.2

Vendor Advisories

Two vulnerabilities were discovered in kdebase:

CAN-2003-0690: KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

CAN-2003-0692: ...