Vulnerability Name: CVE-2003-0692 (CCN-13205)
Assigned: 2003-09-16
Published: 2003-09-16
Updated: 2017-10-11
Summary: KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. The cookie in question is the X authorization cookie (MIT-MAGIC-COOKIE-1) that KDM writes for the session: a cookie is 128 bits long on disk, but if it is derived from a generator with far fewer than 128 bits of entropy, an attacker who can reach the X server only has to enumerate the generator's state space, not 2^128 values, to connect to the display as the logged-in user.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
  Source: CCN; Type: SGI Security Advisory 20031002-01-U; SGI Advanced Linux Environment security update #3
  Source: CCN; Type: BugTraq Mailing List, Tue Sep 16 2003 - 14:44:27 CDT; KDM vulnerabilities
  Source: MISC; Type: UNKNOWN; http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
  Source: MITRE; Type: CNA; CVE-2003-0692
  Source: CONECTIVA; Type: UNKNOWN; CLA-2003:747
  Source: CCN; Type: Conectiva Linux Security Announcement; CLSA-2003:747 kde
  Source: BUGTRAQ; Type: UNKNOWN; 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
  Source: CCN; Type: RHSA-2003-269; Updated KDE packages fix security issues
  Source: CCN; Type: RHSA-2003-270; kdebase security update
  Source: CCN; Type: RHSA-2003-288; Updated XFree86 packages provide security and bug fixes
  Source: CCN; Type: CIAC Information Bulletin N-150; Red Hat Updated KDE packages fix security issues
  Source: CCN; Type: CIAC Information Bulletin O-027; Red Hat Updated XFree86 Packages Provide Security and Bug Fixes
  Source: DEBIAN; Type: Patch, Vendor Advisory; DSA-388
  Source: DEBIAN; Type: DSA-388; kdebase -- several vulnerabilities
  Source: CCN; Type: GLSA-200311-01; kdebase: KDM vulnerabilities
  Source: CCN; Type: K Desktop Environment (KDE) Web site; K Desktop Environment Home (kde.org)
  Source: CCN; Type: KDE Security Advisory; KDM vulnerabilities
  Source: CONFIRM; Type: Patch, Vendor Advisory; http://www.kde.org/info/security/advisory-20030916-1.txt
  Source: MANDRAKE; Type: UNKNOWN; MDKSA-2003:091
  Source: REDHAT; Type: Patch, Vendor Advisory; RHSA-2003:270
  Source: REDHAT; Type: UNKNOWN; RHSA-2003:288
  Source: CCN; Type: BID-8636; KDE KDM Session Cookie Generation Weakness
  Source: CCN; Type: TLSA-2003-59; Two issues have been discovered in KDM
  Source: XF; Type: UNKNOWN; kdm-cookie-weak-encryption(13205)
  Source: OVAL; Type: UNKNOWN; oval:org.mitre.oval:def:215
  Source: SUSE; Type: SUSE-SA:2003:044; thttpd: remote privilege escalation/information leak
  Source: SUSE; Type: SUSE-SA:2003:045; hylafax: remote code execution
  Source: SUSE; Type: SUSE-SA:2003:046; sane: remote denial-of-service
  Source: SUSE; Type: SUSE-SA:2003:047; bind8: cache poisoning/denial-of-service
  Source: SUSE; Type: SUSE-SA:2003:049; Kernel brk() vulnerability: local root exploit
  Source: SUSE; Type: SUSE-SA:2003:050; rsync: remote compromise
Vulnerable Configuration: Configuration 1
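Worked example (added here; this is not KDM's code and not taken from the page or the KDE advisory): it shows why a 16-byte cookie is worthless when it is derived from a small state space, and what the fix looks like. `weak_cookie` is a hypothetical stand-in for a low-entropy generator (a deterministic PRNG seeded from a login-time value the attacker can narrow to a window); `strong_cookie` draws all 128 bits from the OS CSPRNG. The `.Xauthority` record layout used by `encode_xauth_entry`/`decode_xauth_entries` is the real file format, but every entry and seed value below is constructed for the demonstration.

```python
"""Why a 128-bit MIT-MAGIC-COOKIE-1 must come from a CSPRNG (added example)."""
import math
import random
import secrets
import struct
from typing import Iterator, List, Optional, Tuple

COOKIE_LEN = 16                       # MIT-MAGIC-COOKIE-1 cookies are 128 bits
AUTH_NAME = b"MIT-MAGIC-COOKIE-1"
FAMILY_LOCAL = 256                    # FamilyLocal in .Xauthority


def weak_cookie(seed: int) -> bytes:
    """Hypothetical weak generator: a deterministic PRNG seeded from a value an
    attacker can bound (e.g. a login timestamp). The output is 16 bytes long, but
    it carries no more entropy than the seed does."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(COOKIE_LEN))


def strong_cookie() -> bytes:
    """The fix: take the full 128 bits from the operating system's CSPRNG."""
    return secrets.token_bytes(COOKIE_LEN)


def effective_entropy_bits(seed_space_size: int) -> float:
    """A cookie's entropy is bounded by log2(number of reachable generator states),
    however long the cookie looks on disk."""
    return math.log2(seed_space_size)


def brute_force_weak_cookie(target: bytes, seed_lo: int, seed_hi: int) -> Optional[int]:
    """Attacker side: enumerate the seed window and stop when the cookie matches.
    Returns the recovered seed, or None if the target was not in the window."""
    for seed in range(seed_lo, seed_hi):
        if weak_cookie(seed) == target:
            return seed
    return None


def encode_xauth_entry(family: int, address: bytes, number: bytes,
                       name: bytes, data: bytes) -> bytes:
    """Serialise one .Xauthority record: u16 family, then four length-prefixed
    (u16 big-endian) fields: address, display number, auth name, auth data."""
    def field(b: bytes) -> bytes:
        return struct.pack(">H", len(b)) + b
    return struct.pack(">H", family) + field(address) + field(number) + field(name) + field(data)


def decode_xauth_entries(blob: bytes) -> Iterator[Tuple[int, bytes, bytes, bytes, bytes]]:
    """Parse back-to-back .Xauthority records from a byte string."""
    off = 0
    while off < len(blob):
        family = struct.unpack_from(">H", blob, off)[0]
        off += 2
        fields = []
        for _ in range(4):
            n = struct.unpack_from(">H", blob, off)[0]
            off += 2
            fields.append(blob[off:off + n])
            off += n
        yield (family, fields[0], fields[1], fields[2], fields[3])


def audit_xauth(blob: bytes) -> List[Tuple[bytes, bytes, int]]:
    """Flag MIT-MAGIC-COOKIE-1 entries shorter than 128 bits: (address, display, bits).
    Length is only a necessary condition; a full-length cookie from a weak generator
    still falls to brute_force_weak_cookie, which is exactly the CVE-2003-0692 case."""
    findings = []
    for _family, addr, number, name, data in decode_xauth_entries(blob):
        if name == AUTH_NAME and len(data) < COOKIE_LEN:
            findings.append((addr, number, len(data) * 8))
    return findings


if __name__ == "__main__":
    login_ts = 1_063_742_400                      # constructed: a Sep-2003 login time
    cookie = weak_cookie(login_ts)
    print("seed-space entropy of a 32-bit seed: %.0f bits" % effective_entropy_bits(2 ** 32))
    print("recovered seed:", brute_force_weak_cookie(cookie, login_ts - 3600, login_ts + 3600))
    print("CSPRNG cookie:", strong_cookie().hex())
```

The brute-force window in the demo is two hours of one-second seeds (7200 candidates); even a full 32-bit seed space is about 2^32 trials against an X server that will happily accept one connection attempt per candidate, which is why the advisory treats anything short of 128 bits of real entropy as guessable.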