KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
Max CVSS
10.0
EPSS Score
0.83%
Published
2003-10-06
Updated
2017-10-11
1 vulnerabilities found