Search

published date: October 6, 2003

CVE-2003-0690 : KDM in KDE 3.1.3...

Description

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Product(s):

  • KDE KDE 1.1.1
  • KDE KDE 1.1.2
  • KDE KDE 1.1
  • KDE KDE 1.2
  • KDE KDE 2.0.1
  • KDE KDE 2.0

Question to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2003-0690, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2003-0690 in your products or services, and how will you communicate updates on this issue to us as your customer?

READY TO GET RESULTS YOU CAN TRUST?