| Vulnerability Name: | CVE-2003-0690 (CCN-13203) | ||||||||||||||||||||
| Assigned: | 2003-09-16 | ||||||||||||||||||||
| Published: | 2003-09-16 | ||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||
| Summary: | KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | ||||||||||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||
| References: | Source: CCN Type: SGI Security Advisory 20031002-01-U SGI Advanced Linux Environment security update #3 Source: CCN Type: BugTraq Mailing List, Tue Sep 16 2003 - 14:44:27 CDT KDM vulnerabilities Source: MISC Type: UNKNOWN http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html Source: MITRE Type: CNA CVE-2003-0690 Source: CONECTIVA Type: UNKNOWN CLA-2003:747 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:747 kde Source: BUGTRAQ Type: UNKNOWN 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities Source: CCN Type: RHSA-2003-269 Updated KDE packages fix security issues Source: CCN Type: RHSA-2003-270 kdebase security update Source: CCN Type: RHSA-2003-286 Updated XFree86 packages provide security and bug fixes Source: CCN Type: RHSA-2003-287 Updated XFree86 packages provide security and bug fixes Source: CCN Type: RHSA-2003-288 Updated XFree86 packages provide security and bug fixes Source: CCN Type: RHSA-2003-289 XFree86 security update Source: CCN Type: CIAC Information Bulletin N-150 Red Hat Updated KDE packages fix security issues Source: CCN Type: CIAC Information Bulletin O-027 Red Hat Updated XFree86 Packages Provide Security and Bug Fixes Source: DEBIAN Type: UNKNOWN DSA-388 Source: DEBIAN Type: UNKNOWN DSA-443 Source: DEBIAN Type: DSA-388 kdebase -- several vulnerabilities Source: DEBIAN Type: DSA-443 xfree86 -- several vulnerabilities Source: CCN Type: GLSA-200311-01 kdebase: KDM vulnerabilities Source: CCN Type: K Desktop Environment (KDE) Web site K Desktop Environment Home (kde.org) Source: CCN Type: KDE Security Advisory KDM vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory http://www.kde.org/info/security/advisory-20030916-1.txt Source: MANDRAKE Type: UNKNOWN MDKSA-2003:091 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:270 Source: REDHAT Type: UNKNOWN RHSA-2003:286 Source: REDHAT Type: UNKNOWN RHSA-2003:287 Source: REDHAT Type: UNKNOWN RHSA-2003:288 Source: REDHAT Type: UNKNOWN RHSA-2003:289 Source: CCN Type: BID-8635 KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability Source: CCN Type: TLSA-2003-59 Two issues have been discovered in KDM Source: XF Type: UNKNOWN kdm-pamkrb5-gain-privileges(13203) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:193 Source: SUSE Type: SUSE-SA:2003:044 thttpd: remote privilege escalation/information leak Source: SUSE Type: SUSE-SA:2003:045 hylafax: remote code execution Source: SUSE Type: SUSE-SA:2003:046 sane: remote denial-of-service Source: SUSE Type: SUSE-SA:2003:047 bind8: cache poisoning/denial-of-service Source: SUSE Type: SUSE-SA:2003:049 Kernel brk() vulnerability: local root exploit Source: SUSE Type: SUSE-SA:2003:050 rsync: remote compromise | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||