CVE-2001-0178

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

Score: 2.1
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Published: 2001-03-26 12:00:00.000-05
Last Modified: 2017-10-09 09:29:37.000-04

Vulnerable Software List

Vendor | Product | Versions
Caldera | Openlinux Edesktop | 2.4
Conectiva | Linux | 6.0
Mandrakesoft | Mandrake Linux | 6.1, 7.0, 7.1, 7.2
Mandrakesoft | Mandrake Linux Corporate Server | 1.0.1
Suse | Suse Linux | 6.0, 6.1, 6.2, 6.3, 6.4, 7.0

References

Source | Link
CALDERA | CSSA-2001-005.0
MANDRAKE | MDKSA-2001:018
SUSE | SuSE-SA:2001:02
XF | kde2-kdesu-retrieve-passwords(5995)