Vulnerability Name: CVE-2016-3100 (CCN-115328)

Assigned: 2016-03-10
Published: 2016-03-10
Updated: 2018-10-30
Summary: kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
CVSS v3 Severity:
8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): Low
  • Availability (A): Low
CVSS v2 Severity:
2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): Single_Instance
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): Partial
  • Availability (A): Partial
Vulnerability Type: CWE-200
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2016-3100

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1723

Source: CCN
Type: KDE Web site
Release of KDE Frameworks 5.23.0

Source: CONFIRM
Type: UNKNOWN
http://www.kde.com/announcements/kde-frameworks-5.23.0.php

Source: BID
Type: UNKNOWN
91769

Source: CCN
Type: BID-91769
KDE Frameworks CVE-2016-3100 Weak Permissions Local Privilege Escalation Vulnerability

Source: CCN
Type: KDE Bugtracking System - Bug 358593
kdeinit5 create /tmp/xauth-xxx-_y with inappropriate permission.

Source: CONFIRM
Type: UNKNOWN
https://bugs.kde.org/show_bug.cgi?id=358593

Source: CONFIRM
Type: UNKNOWN
https://bugs.kde.org/show_bug.cgi?id=363140

Source: XF
Type: UNKNOWN
kde-cve20163100-priv-esc(115328)

Source: CONFIRM
Type: UNKNOWN
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58

Source: CONFIRM
Type: UNKNOWN
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd

Source: CONFIRM
Type: UNKNOWN
https://www.kde.org/info/security/advisory-20160621-1.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-3100

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:kde:kde_frameworks:*:*:*:*:*:*:*:* (Version <= 5.22.0)

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20163100 | V | CVE-2016-3100 | 2022-06-30 |
| oval:org.opensuse.security:def:112510 | P | kinit-32bit-5.29.0-1.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:106001 | P | kinit-32bit-5.29.0-1.1 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:5079 | P | Security update for the Linux Kernel (Important) | 2021-07-20 |
| oval:org.opensuse.security:def:5066 | P | Security update for gupnp (Important) | 2021-06-18 |
| oval:org.opensuse.security:def:5739 | P | Security update for containerd, docker, runc (Important) | 2021-06-11 |
| oval:org.opensuse.security:def:5057 | P | Security update for spice (Important) | 2021-06-08 |
| oval:org.opensuse.security:def:5717 | P | Security update for polkit (Important) | 2021-06-03 |
| oval:org.opensuse.security:def:5015 | P | Security update for xorg-x11-server (Important) | 2021-04-13 |
| oval:org.opensuse.security:def:5048 | P | Security update for dovecot22 (Important) | 2021-01-04 |
| oval:org.opensuse.security:def:4881 | P | Security update for squid (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:4766 | P | Security update for xen (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:4896 | P | Security update for ovmf (Moderate) | 2020-12-02 |
| oval:org.opensuse.security:def:4788 | P | Security update for qemu (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:4915 | P | Security update for squid (Moderate) | 2020-12-02 |
| oval:org.opensuse.security:def:4834 | P | Security update for libvirt (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:4990 | P | Security update for nodejs8 (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:4758 | P | Security update for squid (Important) | 2020-12-02 |
| oval:com.ubuntu.xenial:def:20163100000 | V | CVE-2016-3100 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-13 |
| oval:com.ubuntu.xenial:def:201631000000000 | V | CVE-2016-3100 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-07-13 |
    opensuse leap 42.1
    opensuse opensuse 13.2
    kde kde frameworks *