KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
2003-10-06T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | kde | kde | 1.1 | Yes |
Operating System | kde | kde | 1.1.1 | Yes |
Operating System | kde | kde | 1.1.2 | Yes |
Operating System | kde | kde | 1.2 | Yes |
Operating System | kde | kde | 2.0 | Yes |
Operating System | kde | kde | 2.0.1 | Yes |
Operating System | kde | kde | 2.0_beta | Yes |
Operating System | kde | kde | 2.1 | Yes |
Operating System | kde | kde | 2.1.1 | Yes |
Operating System | kde | kde | 2.1.2 | Yes |
Operating System | kde | kde | 2.2 | Yes |
Operating System | kde | kde | 2.2.1 | Yes |
Operating System | kde | kde | 2.2.2 | Yes |
Operating System | kde | kde | 3.0 | Yes |
Operating System | kde | kde | 3.0.1 | Yes |
Operating System | kde | kde | 3.0.2 | Yes |
Operating System | kde | kde | 3.0.3 | Yes |
Operating System | kde | kde | 3.0.3a | Yes |
Operating System | kde | kde | 3.0.4 | Yes |
Operating System | kde | kde | 3.0.5 | Yes |
Operating System | kde | kde | 3.0.5a | Yes |
Operating System | kde | kde | 3.0.5b | Yes |
Operating System | kde | kde | 3.1 | Yes |
Operating System | kde | kde | 3.1.1 | Yes |
Operating System | kde | kde | 3.1.1a | Yes |
Operating System | kde | kde | 3.1.2 | Yes |
Operating System | kde | kde | 3.1.3 | Yes |