DescriptionKDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SuSE-SA:2003:044, published Friday, Oct 31st 2003 13:04 MEST
- SuSE-SA:2003:045, published Mon Nov 10 15:00:00 CET 2003
- SuSE-SA:2003:046, published Tuesday, Nov 18th 2003 14:30 MEST
- SuSE-SA:2003:047, published Friday, Nov 28th 2003 15:30 MEST
- SuSE-SA:2003:049, published Thursday, December 4th 2003 15:30 MET
- SuSE-SA:2003:050, published Thursday, Dec 4th 2003 14:30 MET
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:26:23 2013
CVE page last modified: Fri Oct 7 12:45:28 2022