CVE-2003-0690 Common Vulnerabilities and Exposures

Upstream information

CVE-2003-0690 at MITRE

Description

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 42907 [RESOLVED / FIXED], 48788 [RESOLVED / FIXED]

SUSE Security Advisories:

SuSE-SA:2003:044, published Friday, Oct 31st 2003 13:04 MEST
SuSE-SA:2003:045, published Mon Nov 10 15:00:00 CET 2003
SuSE-SA:2003:046, published Tuesday, Nov 18th 2003 14:30 MEST
SuSE-SA:2003:047, published Friday, Nov 28th 2003 15:30 MEST
SuSE-SA:2003:049, published Thursday, December 4th 2003 15:30 MET
SuSE-SA:2003:050, published Thursday, Dec 4th 2003 14:30 MET

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 00:26:23 2013
CVE page last modified: Fri Dec 8 16:09:02 2023