CVE-2003-0690
CVSS 10.0
Published: 2003-10-06 00:00:00
Last revised: 2016-10-17 22:36:35

[Original] KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.


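[CNNVD] KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability (CNNVD-200310-005)

        KDE is a free, open source X desktop manager designed for Unix and Linux operating systems.
        A problem exists when the KDE Display Manager is used together with PAM authentication modules; a remote attacker can exploit this vulnerability to gain unauthorized access to the system.
        KDM mishandles the pam_setcred() function call: in some configurations the MIT pam_krb5 module causes the pam_setcred() call to fail while the session stays alive, so an ordinary user with a valid account name and password can access the system with root privileges.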
        

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:kde:kde:1.2
cpe:/o:kde:kde:2.0
cpe:/o:kde:kde:1.1
cpe:/o:kde:kde:2.1
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:2.2
cpe:/o:kde:kde:3.1
cpe:/o:kde:kde:2.0_beta
cpe:/o:kde:kde:1.1.1
cpe:/o:kde:kde:2.0.1
cpe:/o:kde:kde:3.0.5b
cpe:/o:kde:kde:3.0.3a
cpe:/o:kde:kde:2.2.2
cpe:/o:kde:kde:3.0.5a
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.1.1
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.0.5
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.1.3
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:3.1.2
cpe:/o:kde:kde:2.1.2
cpe:/o:kde:kde:2.2.1
cpe:/o:kde:kde:2.1.1
cpe:/o:kde:kde:3.1.1a
cpe:/o:kde:kde:1.1.2

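- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:193 KDM pam_setcred Privilege Escalation Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the relevant OVAL definition.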

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0690
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0690
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-005
(Official data source) CNNVD

- Other Links and Resources

http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
(UNKNOWN)  MISC  http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
(UNKNOWN)  CONECTIVA  CLA-2003:747
http://marc.info/?l=bugtraq&m=106374551513499&w=2
(UNKNOWN)  BUGTRAQ  20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
http://www.debian.org/security/2003/dsa-388
(UNKNOWN)  DEBIAN  DSA-388
http://www.debian.org/security/2004/dsa-443
(UNKNOWN)  DEBIAN  DSA-443
http://www.kde.org/info/security/advisory-20030916-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20030916-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
(UNKNOWN)  MANDRAKE  MDKSA-2003:091
http://www.redhat.com/support/errata/RHSA-2003-270.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:270
http://www.redhat.com/support/errata/RHSA-2003-286.html
(UNKNOWN)  REDHAT  RHSA-2003:286
http://www.redhat.com/support/errata/RHSA-2003-287.html
(UNKNOWN)  REDHAT  RHSA-2003:287
http://www.redhat.com/support/errata/RHSA-2003-288.html
(UNKNOWN)  REDHAT  RHSA-2003:288
http://www.redhat.com/support/errata/RHSA-2003-289.html
(UNKNOWN)  REDHAT  RHSA-2003:289

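- Vulnerability Information

KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability
Critical  Design error
2003-10-06 00:00:00 2005-10-20 00:00:00
Remote

        KDE is a free, open source X desktop manager designed for Unix and Linux operating systems.
        A problem exists when the KDE Display Manager is used together with PAM authentication modules; a remote attacker can exploit this vulnerability to gain unauthorized access to the system.
        KDM mishandles the pam_setcred() function call: in some configurations the MIT pam_krb5 module causes the pam_setcred() call to fail while the session stays alive, so an ordinary user with a valid account name and password can access the system with root privileges.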
        

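- Advisories and Patches

        Vendor patch:
        KDE
        ---
        The vendor has released upgrade patches that fix this security issue; download the relevant patch from the vendor's site: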
         KDE 2.2.2
         ftp://ftp.kde.org/pub/kde/security_patches :
         4672868343b26e0c0eae91fffeff1f7e post-2.2.2-kdebase-kdm.patch
         KDE 3.0.5b
         ftp://ftp.kde.org/pub/kde/security_patches :
         fde237203fc7b325c34d2f90a463db3f post-3.0.5-kdebase-kdm.patch
         KDE 3.1.3
         ftp://ftp.kde.org/pub/kde/security_patches :
         8553c20798b321e333d8c516636f2297 post-3.1.3-kdebase-kdm.patch
        Or upgrade to KDE 3.1.4.

- Vulnerability Information (F31664)

KDE Security Advisory 2003-09-16.1 (PacketStormID:F31664)
2003-09-18 00:00:00
KDE Desktop  kde.org
advisory,root,vulnerability
CVE-2003-0690,CVE-2003-0692

KDE Security Advisory: KDE version 3.1.3 and below has multiple vulnerabilities in KDM. KDM fails to check for successful completion of the pam_setcred() call which may leave a user with root access. It also has a weak cookie generation algorithm that allows easy brute forcing of session cookies.

KDE Security Advisory: KDM vulnerabilities
Original Release Date: 2003-09-16
URL: http://www.kde.org/info/security/advisory-20030916-1.txt

0. References
        http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692


1. Systems affected:

        All versions of KDM as distributed with KDE up to and including 
        KDE 3.1.3.


2. Overview:

        Two issues have been discovered in KDM:

            a) CAN-2003-0690:
               Privilege escalation with specific PAM modules
            b) CAN-2003-0692:
               Session cookies generated by KDM are potentially insecure

        KDM does not check for successful completion of the pam_setcred()
        call. In case of error conditions in the installed PAM modules, KDM
        might grant local root access to any user with valid login 
        credentials.

        It has been reported that a certain configuration of the MIT pam_krb5
        module can result in a failing pam_setcred() call leaving the 
        session alive and providing root access to a regular user.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2003-0690 to this issue.

        Additionally the session cookie generation algorithm used by KDM was
        considered too weak to supply full 128 bits of entropy. This enables
        non-authorized users to brute-force the session cookie.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2003-0692 to this issue.


3. Impact:

        If KDM is used in combination with the MIT pam_krb5 module and given
        a valid username and password of an existing user, the login attempt
        succeeds and establishes a session with excessive privileges. This
        may enable a local root compromise of the system. 

        It is possible that the same vulnerability exists if KDM is used 
        with other PAM modules. At the date of this advisory we are however
        not aware of any other PAM module being affected by this
        vulnerability.

        The weak cookie generation may allow non-authorized users to guess
        the session cookie by a brute force attack, which allows, assuming
        hostname / IP restrictions can be bypassed, to authorize to the running
        session and gain full access to it. 


4. Solution:

        a) Privilege escalation with specific PAM modules:

        The patch listed in section 5 adds error checking to KDM and
        aborts the login attempt if an error occurs during the 
        pam_setcred() call.

        There is no intermediate workaround known. Users who do not use
        PAM with KDM and users who use PAM with regular Unix crypt/MD5 based
        authentication are not affected. 

        b) Weak cookie generation:

        The patch listed in section 5 adds a new cookie generation algorithm,
        which uses /dev/urandom as non-predictable source of entropy. 

        Users of KDE 2.2.2 are advised to upgrade to KDE 3.1.4. A patch for
        KDE 2.2.2 is available for users who are unable to upgrade to 
        KDE 3.1.

        Users of KDE 3.0.x are advised to upgrade to KDE 3.1.4. A patch for
        KDE 3.0.5b is available for users who are unable to upgrade to 
        KDE 3.1.

        Users of KDE 3.1.x are advised to upgrade to KDE 3.1.4.


5. Patch:

        A patch for KDE 2.2.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        4672868343b26e0c0eae91fffeff1f7e  post-2.2.2-kdebase-kdm.patch

        A patch for KDE 3.0.5b is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        fde237203fc7b325c34d2f90a463db3f  post-3.0.5-kdebase-kdm.patch

        A patch for KDE 3.1.3 is available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

        8553c20798b321e333d8c516636f2297  post-3.1.3-kdebase-kdm.patch


6. Time line and credits:

        12/06/2002 Posting on suse-security mailing list describing the 
                   PAM vulnerability.
        08/06/2003 Notification of KDE Security and the KDM maintainer 
                   about the PAM vulnerability by Stephan Kulow.
        08/09/2003 Patches for the PAM vulnerability applied to KDE CVS.
        08/20/2003 George Lebl notifies Oswald Buddenhagen about weak
                   session cookie generation in KDM.
        08/26/2003 Impact analysis and advisory finished.
        09/04/2003 Patches for the weak cookie vulnerability applied to CVS.
        09/16/2003 Public advisory.
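
The fix described in section 4a of the advisory, as an added example that is not KDM's code or the KDE patch: a self-contained C model of the login sequence in which function pointers stand in for the PAM calls, run once with the credential step's result ignored and once with it checked. All type and function names are hypothetical, and the model shows only the control flow, not how the surviving session came to have excessive privileges.

```c
#include <stdio.h>

/* Constructed model of a display manager's login sequence. It does not link
 * against libpam; each function pointer stands in for the PAM call named
 * beside it, and every name in this block is hypothetical. */
enum { AUTH_OK = 0, AUTH_ERR = 1 };
enum step { STEP_NONE, STEP_AUTH, STEP_ACCT, STEP_SETCRED, STEP_OPEN };

struct auth_stack {
    int (*authenticate)(void);  /* stands in for pam_authenticate() */
    int (*acct_mgmt)(void);     /* stands in for pam_acct_mgmt()    */
    int (*setcred)(void);       /* stands in for pam_setcred()      */
    int (*open_session)(void);  /* stands in for pam_open_session() */
};

struct login_trace {
    int session_started;    /* 1 if the user session was launched      */
    enum step failed_step;  /* step whose error stopped the login      */
};

static int open_calls;      /* how often the open_session stand-in ran */

static int step_ok(void)   { return AUTH_OK; }
static int step_fail(void) { return AUTH_ERR; }
static int open_ok(void)   { open_calls++; return AUTH_OK; }

/* check_setcred == 0 models the behaviour the advisory describes (result of
 * the credential step ignored); check_setcred == 1 models the fix (abort). */
struct login_trace run_login(const struct auth_stack *s, int check_setcred)
{
    struct login_trace t = { 0, STEP_NONE };
    int rc;

    if (s->authenticate() != AUTH_OK) { t.failed_step = STEP_AUTH; return t; }
    if (s->acct_mgmt() != AUTH_OK)    { t.failed_step = STEP_ACCT; return t; }

    rc = s->setcred();
    if (check_setcred && rc != AUTH_OK) {
        /* Fail closed: no session is opened after a credential error. */
        t.failed_step = STEP_SETCRED;
        return t;
    }

    if (s->open_session() != AUTH_OK) { t.failed_step = STEP_OPEN; return t; }
    t.session_started = 1;
    return t;
}

/* Constructed sample stacks: a healthy one, and one whose credential step
 * reports an error after authentication has already succeeded. */
const struct auth_stack healthy        = { step_ok, step_ok, step_ok,   open_ok };
const struct auth_stack broken_setcred = { step_ok, step_ok, step_fail, open_ok };

int main(void)
{
    struct login_trace a = run_login(&broken_setcred, 0);
    struct login_trace b = run_login(&broken_setcred, 1);

    printf("unchecked: session_started=%d failed_step=%d\n",
           a.session_started, (int)a.failed_step);
    printf("checked:   session_started=%d failed_step=%d\n",
           b.session_started, (int)b.failed_step);
    return 0;
}
```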


    

- Vulnerability Information

4773
KDE KDM pam_setcred() Function Error Condition Privilege Escalation

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-09-16 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability
Design Error 8635
Yes No
2003-09-16 12:00:00 2009-07-11 11:56:00
Vulnerability disclosed by an unidentified source.

- Affected Software Versions

SGI ProPack 2.3
SGI ProPack 2.2.1
RedHat XFree86-Xvfb-4.2.0-8.i386.rpm
RedHat XFree86-Xvfb-4.2.0-72.i386.rpm
RedHat XFree86-Xvfb-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-Xvfb-4.1.0-3.i386.rpm
RedHat XFree86-Xvfb-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-Xnest-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-Xnest-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Xnest-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-Xnest-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-Xnest-4.0.3-5.i386.rpm
RedHat XFree86-xfs-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-xfs-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xfs-4.1.0-3.ia64.rpm
RedHat XFree86-xfs-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-xfs-4.0.3-5.i386.rpm
RedHat XFree86-xf86cfg-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-xf86cfg-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-xf86cfg-4.0.3-5.i386.rpm
RedHat XFree86-xdm-4.2.0-8.i386.rpm
RedHat XFree86-xdm-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xdm-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-xdm-4.1.0-3.i386.rpm
RedHat XFree86-xdm-4.0.3-5.i386.rpm
RedHat XFree86-xauth-4.2.0-72.i386.rpm
RedHat XFree86-twm-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-twm-4.2.0-72.i386.rpm
RedHat XFree86-twm-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-twm-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-twm-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-truetype-fonts-4.2.0-8.i386.rpm
RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-tools-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-tools-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-tools-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-tools-4.1.0-3.i386.rpm
RedHat XFree86-tools-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm
RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-libs-4.2.0-8.i386.rpm
RedHat XFree86-libs-4.2.0-72.i386.rpm
RedHat XFree86-libs-4.1.0-3.ia64.rpm
RedHat XFree86-libs-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-libs-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-8.i386.rpm
RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-9-75dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-ISO8859-9-75dpi-fonts-4.1.0-3.i386.rpm
RedHat XFree86-ISO8859-9-75dpi-fonts-2.1.2-16.noarch.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm
RedHat XFree86-ISO8859-9-100dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-ISO8859-9-100dpi-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-ISO8859-9-100dpi-fonts-2.1.2-16.noarch.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-8.i386.rpm
RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-2-75dpi-fonts-4.1.0-3.ia64.rpm
RedHat XFree86-ISO8859-2-75dpi-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-ISO8859-2-75dpi-fonts-4.0.3-5.i386.rpm
RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm
RedHat XFree86-ISO8859-2-100dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-ISO8859-2-100dpi-fonts-4.1.0-3.i386.rpm
RedHat XFree86-ISO8859-2-100dpi-fonts-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-8.i386.rpm
RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm
RedHat XFree86-ISO8859-15-75dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-ISO8859-15-75dpi-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-15-100dpi-fonts-4.1.0-3.ia64.rpm
RedHat XFree86-ISO8859-15-100dpi-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-font-utils-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-font-utils-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-doc-4.2.0-8.i386.rpm
RedHat XFree86-doc-4.2.0-72.i386.rpm
RedHat XFree86-doc-4.1.0-3.ia64.rpm
RedHat XFree86-doc-4.1.0-3.i386.rpm
RedHat XFree86-doc-4.0.3-5.i386.rpm
RedHat XFree86-devel-4.2.0-8.i386.rpm
RedHat XFree86-devel-4.2.0-72.i386.rpm
RedHat XFree86-devel-4.1.0-3.ia64.rpm
RedHat XFree86-devel-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-devel-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-cyrillic-fonts-4.2.0-8.i386.rpm
RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-cyrillic-fonts-4.1.0-3.ia64.rpm
RedHat XFree86-cyrillic-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-cyrillic-fonts-4.0.3-5.i386.rpm
RedHat XFree86-base-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-base-fonts-4.2.0-72.i386.rpm
RedHat XFree86-75dpi-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm
RedHat XFree86-75dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-75dpi-fonts-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-75dpi-fonts-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
RedHat XFree86-4.2.0-8.i386.rpm
RedHat XFree86-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-4.1.0-3.i386.rpm
+ RedHat Linux 7.2 i386
RedHat XFree86-4.0.3-5.i386.rpm
RedHat XFree86-100dpi-fonts-4.2.0-8.i386.rpm
+ RedHat Linux 7.3 i386
RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-100dpi-fonts-4.1.0-3.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat XFree86-100dpi-fonts-4.1.0-3.i386.rpm
RedHat XFree86-100dpi-fonts-4.0.3-5.i386.rpm
+ RedHat Linux 7.1 i386
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
Mandriva Linux Mandrake 9.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
KDE KDE 3.1.3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.5
KDE KDE 2.2.1
KDE KDE 2.2
KDE KDE 2.1.2
KDE KDE 2.1.1
KDE KDE 2.1
KDE KDE 2.0.1
+ Conectiva Linux 6.0
KDE KDE 2.0 BETA
KDE KDE 2.0
KDE KDE 1.2
KDE KDE 1.1.2
+ Caldera OpenLinux 2.3
+ Mandriva Linux Mandrake 7.0
KDE KDE 1.1.1
KDE KDE 1.1

- Vulnerability Discussion

A problem has been reported in the KDE Display Manager (KDM) when used in combination with Pluggable Authentication Modules (PAM). Because of this, an attacker may be able to gain unauthorized access to systems.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Red Hat has released advisory RHSA-2003:287-01 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released advisory RHSA-2003:286-01 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Conectiva have released an advisory (CLSA-2003:770) and fixes to address this issue. See referenced advisory for further detail regarding the application of these fixes. Fixes are linked below.

KDE has released a security advisory and patches to address this issue. See referenced advisory for additional information.

Red Hat has released advisory RHSA-2003:269-01 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Mandrake has released advisories MDKSA-2003:091 and MDKSA-2003:118 to address this issue. See referenced advisories for additional details.

Conectiva has released an advisory CLA-2003:747, including fixes to address this and other issues.

Debian has released an advisory DSA 388-1, including fixes to address this and other issues.

Turbolinux has released an advisory, including fixes to address this and other issues.

Red Hat has released advisory RHSA-2003:270-12 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

SGI has released an advisory (20031002-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDS.

Patch 10027 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.

Red Hat has released advisories RHSA-2003:288-01 and RHSA-2003:289-07 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

SGI has released an advisory (20031101-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10032) containing updated RPM packages relating to a number of different BIDS.

Patch 10032 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10032, please see the attached advisory.

Gentoo has released an advisory that includes fixes for this issue. The following commands can be used to apply fixes:

emerge --sync
emerge '>=kde-base/kde-3.1.4'
emerge clean

Sun has released fixes for Sun Linux.

Debian has released an advisory (DSA 443-1) and fixes to address this issue. See the referenced advisory for fix information.

Fixes:


RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-100dpi-fonts-4.0.3-5.i386.rpm

RedHat XFree86-Xnest-4.2.0-72.i386.rpm

RedHat XFree86-base-fonts-4.2.0-8.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-8.i386.rpm

RedHat XFree86-Xnest-4.1.0-3.i386.rpm

RedHat XFree86-ISO8859-15-75dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-75dpi-fonts-4.1.0-3.i386.rpm

RedHat XFree86-Xnest-4.1.0-3.ia64.rpm

RedHat XFree86-xfs-4.2.0-8.i386.rpm

RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-twm-4.0.3-5.i386.rpm

RedHat XFree86-font-utils-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-75dpi-fonts-4.1.0-3.i386.rpm

RedHat XFree86-Xnest-4.2.0-8.i386.rpm

RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-9-75dpi-fonts-2.1.2-16.noarch.rpm

RedHat XFree86-100dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-ISO8859-15-75dpi-fonts-4.1.0-3.i386.rpm

RedHat XFree86-libs-4.1.0-3.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-4.1.0-3.i386.rpm

RedHat XFree86-libs-4.0.3-5.i386.rpm

RedHat XFree86-Xvfb-4.0.3-5.i386.rpm

RedHat XFree86-xf86cfg-4.1.0-3.i386.rpm

RedHat XFree86-devel-4.1.0-3.i386.rpm

RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-xdm-4.1.0-3.ia64.rpm

RedHat XFree86-ISO8859-15-100dpi-fonts-4.1.0-3.i386.rpm

RedHat XFree86-xdm-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-8.i386.rpm

RedHat XFree86-tools-4.2.0-8.i386.rpm

RedHat XFree86-75dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-xfs-4.1.0-3.i386.rpm

RedHat XFree86-4.1.0-3.i386.rpm

RedHat XFree86-devel-4.0.3-5.i386.rpm

RedHat XFree86-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-100dpi-fonts-4.0.3-5.i386.rpm

RedHat XFree86-75dpi-fonts-4.0.3-5.i386.rpm

RedHat XFree86-4.1.0-3.ia64.rpm

RedHat XFree86-75dpi-fonts-4.2.0-8.i386.rpm

RedHat XFree86-twm-4.2.0-8.i386.rpm

RedHat XFree86-xfs-4.2.0-72.i386.rpm

RedHat XFree86-twm-4.1.0-3.i386.rpm

RedHat XFree86-Xvfb-4.1.0-3.ia64.rpm

RedHat XFree86-tools-4.1.0-3.ia64.rpm

RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-8.i386.rpm

RedHat XFree86-tools-4.2.0-72.i386.rpm

RedHat XFree86-xf86cfg-4.2.0-8.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-cyrillic-fonts-4.1.0-3.i386.rpm

RedHat XFree86-100dpi-fonts-4.2.0-8.i386.rpm

RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-100dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-font-utils-4.2.0-8.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-2.1.2-16.noarch.rpm

RedHat XFree86-ISO8859-9-75dpi-fonts-4.1.0-3.ia64.rpm

RedHat XFree86-tools-4.0.3-5.i386.rpm

RedHat XFree86-twm-4.1.0-3.ia64.rpm

KDE KDE 2.2.2
