Lucene search

[email protected]CVE-2000-0393

HistoryJul 12, 2000 - 4:00 a.m.

CVE-2000-0393

2000-07-1204:00:00

[email protected]

web.nvd.nist.gov

cve-2000-0393

kde

kscd

user privilege

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

The KDE kscd program does not drop privileges when executing a program specified in a user’s SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

Affected configurations

NVD

Node

kdekdeMatch1.1

kdekdeMatch1.1.1

kdekdeMatch1.2

kdekdeMatch2.0_beta

CPENameOperatorVersion
kde:kdekdeeq1.1
kde:kdekdeeq1.1.1
kde:kdekdeeq1.2
kde:kdekdeeq2.0_beta

CPE	Name	Operator	Version
kde:kde	kde	eq	1.1
kde:kde	kde	eq	1.1.1
kde:kde	kde	eq	1.2
kde:kde	kde	eq	2.0_beta

References

archives.neohapsis.com/archives/bugtraq/2000-05/0172.html

www.novell.com/linux/security/advisories/suse_security_announce_50.html

www.securityfocus.com/bid/1206

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for CVE-2000-0393

cvelist1 nvd1