fkie_cve-2003-0690
Vulnerability from fkie_nvd
Published
2003-10-06 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
References
cve@mitre.orghttp://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
cve@mitre.orghttp://marc.info/?l=bugtraq&m=106374551513499&w=2
cve@mitre.orghttp://www.debian.org/security/2003/dsa-388
cve@mitre.orghttp://www.debian.org/security/2004/dsa-443
cve@mitre.orghttp://www.kde.org/info/security/advisory-20030916-1.txtPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:091
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-270.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-286.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-287.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-288.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-289.html
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193
af854a3a-2127-422b-91ae-364da2661108http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=106374551513499&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-388
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-443
af854a3a-2127-422b-91ae-364da2661108http://www.kde.org/info/security/advisory-20030916-1.txtPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-270.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-286.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-287.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-288.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-289.html
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193
Impacted products
Vendor Product Version
kde kde 1.1
kde kde 1.1.1
kde kde 1.1.2
kde kde 1.2
kde kde 2.0
kde kde 2.0.1
kde kde 2.0_beta
kde kde 2.1
kde kde 2.1.1
kde kde 2.1.2
kde kde 2.2
kde kde 2.2.1
kde kde 2.2.2
kde kde 3.0
kde kde 3.0.1
kde kde 3.0.2
kde kde 3.0.3
kde kde 3.0.3a
kde kde 3.0.4
kde kde 3.0.5
kde kde 3.0.5a
kde kde 3.0.5b
kde kde 3.1
kde kde 3.1.1
kde kde 3.1.1a
kde kde 3.1.2
kde kde 3.1.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B38F8C-9451-441B-BCD8-E41C1A2231DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04A4717-229D-4E20-8FD2-DC13757B0AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F472ECE0-821E-4A20-B6FC-CC4FC5D1BA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6767505-CFD5-4C66-A67A-4740E2994CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6671EEE2-8CEC-41C7-9CF2-23D92A1B3DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F3ACDA-8DB4-4E59-B673-021CEBD03D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC14C38A-AAA8-463E-AA7C-F16C6CB3A3EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5E480F-A87E-4583-BC75-8596206C0895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF4C94E-54BB-44DB-BB7D-841419C4D3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B292C704-EDFA-4060-90DF-0A3906DB0AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DBFB51-48EB-41E5-9712-0A5368EE56A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAE9343-7A7F-4CB0-8CEF-52D61BD689C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F531972-E0A7-4E7C-A899-3766CEAAE2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEED379-3111-4451-B782-8C66CE568A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B146FCD3-F6E7-4412-94FD-F9E66089C227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99CB51E4-0BFC-4C7C-B9EE-3DBCB0188D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C629F0C8-C765-4076-B426-80929F9CE285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E107A931-B670-42A8-9F75-EEA0EF3D09B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "671D1461-4AB4-4FB6-977D-733888A1BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E268EFFF-6B28-4C64-B052-AFA3BB1E709F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9B6CD2-7343-4D68-BEC6-A7BB0E0F0962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "21AC6FAB-45DF-4DE1-AADD-7DCA3AF0051E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F98A556-D640-40F1-92C2-FC262F50F5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E2C256-8E9F-4D12-ABF4-FECE06B52CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBCF55E-336B-420E-A154-609C02BB9FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AF934D-B51B-4A81-BC47-FFEAB9A62C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3096F2-B0F1-45E1-806D-6434DE56619A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module."
    },
    {
      "lang": "es",
      "value": "KDM en KDE 3.1.3 y anteriores no verifica si la llamada a la funci\u00f3n pam_setcred tiene \u00e9xito, lo que podr\u00eda permitir a atacantes ganar privilegios de root disparando condiciones de error en m\u00f3dulo PAM, como se demostr\u00f3 en ciertas configuraciones del m\u00f3dulo pam_krb5 del MIT."
    }
  ],
  "id": "CVE-2003-0690",
  "lastModified": "2024-11-20T23:45:18.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-10-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-388"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20030916-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-270.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20030916-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-270.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.