Vulnerability KDE PAM Fedora Core 5
Written on 09/07/06 at 03:32:34 PST by Root
Vulnerability Summary CVE-2006-3742


Original release date: 9/6/2006
Last revised: 9/6/2006
Source: US-CERT/NIST
 

Overview

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to log in without a password by attempting to log in multiple times.
 

Impact

CVSS Severity: 10.0 (High)
Range: Remotely exploitable, Locally exploitable
Authentication: Not required to exploit
Impact Type: Provides administrator access
 

References to Advisories, Solutions, and Tools

External Source: FEDORA

Name: FEDORA-2006-942

Hyperlink: http://lwn.net/Alerts/197302/
 

Vulnerable software and versions

KDE, kdebase, 3.5.4-0.4.fc5
 

Technical Details

CVSS Base Score Vector: (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Vulnerability Type: Access Validation Error, Design Error
 

CVE Standard Vulnerability Entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3742
 
~ Utore Security Center

News and Comments Brought to you by: www.unixcoder.org