3 matches found
Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)
A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pamsetcred call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It...
Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)
A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pamsetcred call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It has...
CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pamsetcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pamkrb5 module...