kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
2001-03-26T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | conectiva | linux | 6.0 | Yes |
| Operating System | caldera | openlinux_edesktop | 2.4 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 6.1 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 7.0 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 7.1 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 7.2 | Yes |
| Operating System | mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | Yes |
| Operating System | suse | suse_linux | 6.0 | Yes |
| Operating System | suse | suse_linux | 6.1 | Yes |
| Operating System | suse | suse_linux | 6.2 | Yes |
| Operating System | suse | suse_linux | 6.3 | Yes |
| Operating System | suse | suse_linux | 6.4 | Yes |
| Operating System | suse | suse_linux | 7.0 | Yes |