QwikSec

Security Database

CVE

CWE

Training

CVE-2003-0690

Published: Sep 18, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_CONECTIVA

oval:org.mitre.oval:def:193

vdb-entry

signature

x_refsource_OVAL

20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_MANDRAKE

http://www.kde.org/info/security/advisory-20030916-1.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2003-0690 - Security Vulnerability | QwikSec