PT-2001-1407 · Kde · Kde
Published
2001-03-26
·
Updated
2017-10-10
·
CVE-2001-0178
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
KDE versions prior to 2.2.0-6
Description:
The issue concerns the kdesu program in KDE, which fails to properly verify the owner of a UNIX socket used for sending passwords. This allows local users to steal passwords and gain privileges.
Recommendations:
For versions prior to 2.2.0-6, update to version 2.2.0-6 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kde