Published: 08/05/2018 Updated: 12/06/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

kwallet-pam in KDE KWallet prior to 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kde plasma
debian debian linux 9.0
opensuse leap 15.0
opensuse leap 42.3

Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files For the stable distribution (stretch), this problem has been fixed in version 584-1+deb9u2 We recommend that you upgrade your kwallet-pam packages For the detailed security st ...

CWE-59 https://www.kde.org/info/security/advisory-20180503-1.txt https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 https://bugzilla.suse.com/show_bug.cgi?id=1090863 https://www.debian.org/security/2018/dsa-4200 https://nvd.nist.gov https://www.debian.org/security/./dsa-4200

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10380

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect