4 matches found
CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pamsetcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pamkrb5 module...
CVE-2003-0690
Concretely, CVE-2003-0690 affects KDE kdebase (KDM in KDE 3.1.3 and earlier). The flaw is that kdebase does not verify whether pam_setcred succeeds, which can allow a root privilege escalation under certain PAM module configurations (notably MIT pam_krb5). Public sources in connected docs referen...
CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pamsetcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pamkrb5 module...
[KDE SECURITY ADVISORY] KDM vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KDM vulnerabilities Original Release Date: 2003-09-16 URL: http://www.kde.org/info/security/advisory-20030916-1.txt 0. References http://cert.uni-stuttgart.de/archive/suse/security/2002/12/ msg00101.html...