CVE-2003-0690

Published: Oct 6, 2003Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Affected (27)

Products: Kde: Kde

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Kde Kde	Version 1.1.1
Kde Kde	Version 1.1.2
Kde Kde	Version 1.1
Kde Kde	Version 1.2
Kde Kde	Version 2.0.1
Kde Kde	Version 2.0
Kde Kde	Version 2.0_beta
Kde Kde	Version 2.1.1
Kde Kde	Version 2.1.2
Kde Kde	Version 2.1
Kde Kde	Version 2.2.1
Kde Kde	Version 2.2.2
Kde Kde	Version 2.2
Kde Kde	Version 3.0.1
Kde Kde	Version 3.0.2
Kde Kde	Version 3.0.3
Kde Kde	Version 3.0.3a
Kde Kde	Version 3.0.4
Kde Kde	Version 3.0.5
Kde Kde	Version 3.0.5a
Kde Kde	Version 3.0.5b
Kde Kde	Version 3.0
Kde Kde	Version 3.1.1
Kde Kde	Version 3.1.1a
Kde Kde	Version 3.1.2
Kde Kde	Version 3.1.3
Kde Kde	Version 3.1

References (26)

http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=106374551513499&w=2

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-388

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-443

Source: cve@mitre.org

http://www.kde.org/info/security/advisory-20030916-1.txt

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2003:091

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-270.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2003-286.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-287.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-288.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-289.html

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193

Source: cve@mitre.org

http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=106374551513499&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-388

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-443

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kde.org/info/security/advisory-20030916-1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2003:091

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-270.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2003-286.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-287.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-288.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-289.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.