CVE-2003-0690
Vulnerability from cvelistv5
Published
2003-09-18 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:747",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747"
},
{
"name": "oval:org.mitre.oval:def:193",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193"
},
{
"name": "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2"
},
{
"name": "DSA-443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-443"
},
{
"name": "RHSA-2003:289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html"
},
{
"name": "RHSA-2003:287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
},
{
"name": "RHSA-2003:270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-270.html"
},
{
"name": "RHSA-2003:286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
},
{
"name": "DSA-388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-388"
},
{
"name": "MDKSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kde.org/info/security/advisory-20030916-1.txt"
},
{
"name": "RHSA-2003:288",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:747",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747"
},
{
"name": "oval:org.mitre.oval:def:193",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193"
},
{
"name": "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2"
},
{
"name": "DSA-443",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-443"
},
{
"name": "RHSA-2003:289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html"
},
{
"name": "RHSA-2003:287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
},
{
"name": "RHSA-2003:270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-270.html"
},
{
"name": "RHSA-2003:286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
},
{
"name": "DSA-388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-388"
},
{
"name": "MDKSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kde.org/info/security/advisory-20030916-1.txt"
},
{
"name": "RHSA-2003:288",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:747",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747"
},
{
"name": "oval:org.mitre.oval:def:193",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193"
},
{
"name": "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2"
},
{
"name": "DSA-443",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-443"
},
{
"name": "RHSA-2003:289",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
},
{
"name": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html",
"refsource": "MISC",
"url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html"
},
{
"name": "RHSA-2003:287",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
},
{
"name": "RHSA-2003:270",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-270.html"
},
{
"name": "RHSA-2003:286",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
},
{
"name": "DSA-388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-388"
},
{
"name": "MDKSA-2003:091",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091"
},
{
"name": "http://www.kde.org/info/security/advisory-20030916-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20030916-1.txt"
},
{
"name": "RHSA-2003:288",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0690",
"datePublished": "2003-09-18T04:00:00",
"dateReserved": "2003-08-14T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2003-0690\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-10-06T04:00:00.000\",\"lastModified\":\"2024-11-20T23:45:18.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.\"},{\"lang\":\"es\",\"value\":\"KDM en KDE 3.1.3 y anteriores no verifica si la llamada a la funci\u00f3n pam_setcred tiene \u00e9xito, lo que podr\u00eda permitir a atacantes ganar privilegios de root disparando condiciones de error en m\u00f3dulo PAM, como se demostr\u00f3 en ciertas configuraciones del m\u00f3dulo pam_krb5 del MIT.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55B38F8C-9451-441B-BCD8-E41C1A2231DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D04A4717-229D-4E20-8FD2-DC13757B0AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F472ECE0-821E-4A20-B6FC-CC4FC5D1BA36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6767505-CFD5-4C66-A67A-4740E2994CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6671EEE2-8CEC-41C7-9CF2-23D92A1B3DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F3ACDA-8DB4-4E59-B673-021CEBD03D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC14C38A-AAA8-463E-AA7C-F16C6CB3A3EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C5E480F-A87E-4583-BC75-8596206C0895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EF4C94E-54BB-44DB-BB7D-841419C4D3A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B292C704-EDFA-4060-90DF-0A3906DB0AC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5DBFB51-48EB-41E5-9712-0A5368EE56A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEAE9343-7A7F-4CB0-8CEF-52D61BD689C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F531972-E0A7-4E7C-A899-3766CEAAE2EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CEED379-3111-4451-B782-8C66CE568A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B146FCD3-F6E7-4412-94FD-F9E66089C227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99CB51E4-0BFC-4C7C-B9EE-3DBCB0188D73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C629F0C8-C765-4076-B426-80929F9CE285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E107A931-B670-42A8-9F75-EEA0EF3D09B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"671D1461-4AB4-4FB6-977D-733888A1BA9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E268EFFF-6B28-4C64-B052-AFA3BB1E709F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9B6CD2-7343-4D68-BEC6-A7BB0E0F0962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21AC6FAB-45DF-4DE1-AADD-7DCA3AF0051E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F98A556-D640-40F1-92C2-FC262F50F5C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E2C256-8E9F-4D12-ABF4-FECE06B52CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBCF55E-336B-420E-A154-609C02BB9FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33AF934D-B51B-4A81-BC47-FFEAB9A62C30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A3096F2-B0F1-45E1-806D-6434DE56619A\"}]}]}],\"references\":[{\"url\":\"http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-388\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2004/dsa-443\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kde.org/info/security/advisory-20030916-1.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-270.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-286.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-287.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-288.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-289.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106374551513499\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2003/dsa-388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2004/dsa-443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kde.org/info/security/advisory-20030916-1.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-270.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-286.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-287.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-288.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-289.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.