[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1671Date: (C)2008-04-28   (M)2023-12-22


start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019924
BID-28938
SECUNIA-29951
SECUNIA-29977
SECUNIA-30113
ADV-2008-1370
GLSA-200804-30
MDVSA-2008:097
SUSE-SR:2008:011
USN-608-1
ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff
http://www.kde.org/info/security/advisory-20080426-2.txt
kde-startkdeinit-privilege-escalation(42039)

CWE    1
CWE-16
OVAL    1
oval:org.secpod.oval:def:301629

© SecPod Technologies