Description
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
Product(s):
- KDE KDE 1.1.1
- KDE KDE 1.1.2
- KDE KDE 1.1
- KDE KDE 1.2
- KDE KDE 2.0.1
- KDE KDE 2.0
- KDE KDE 2.0 Beta
- KDE KDE 2.1.1
- KDE KDE 2.1.2
- KDE KDE 2.1
- KDE KDE 2.2.1
- KDE KDE 2.2.2
- KDE KDE 2.2
- KDE KDE 3.0.1
- KDE KDE 3.0.2
- KDE KDE 3.0.3
- KDE KDE 3.0.3a
- KDE KDE 3.0.4
- KDE KDE 3.0.5
- KDE KDE 3.0.5a
- KDE KDE 3.0.5b
- KDE KDE 3.0
- KDE KDE 3.1.1
- KDE KDE 3.1.1a
- KDE KDE 3.1.2
- KDE KDE 3.1.3
- KDE 3.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0690, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0690 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.