Description
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2001_002_kdesu_txt.html
Patch, Vendor Advisory vendor-advisory
x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Patch, Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5995
Scores
EPSS
0.0010
EPSS Percentile
27.5%
Details
Status
published
Products (13)
caldera/openlinux_edesktop
2.4
conectiva/linux
6.0
mandrakesoft/mandrake_linux
6.1
mandrakesoft/mandrake_linux
7.0
mandrakesoft/mandrake_linux
7.1
mandrakesoft/mandrake_linux
7.2
mandrakesoft/mandrake_linux_corporate_server
1.0.1
suse/suse_linux
6.0
suse/suse_linux
6.1
suse/suse_linux
6.2
... and 3 more
Published
Mar 26, 2001
Tracked Since
Feb 18, 2026