RSS   Vulnerabilities for 'Kcheckpass'   RSS

2012-01-06
 
CVE-2011-5054

CWE-287
 

 
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

 

 >>> Vendor: KDE 49 Products
K-mail
KDE
Kde beta 3
KVT
KTV
Kdeutils
Konqueror
Klisa
Kopete
Konqueror embedded
Kdebase
Kdelibs
Koffice
KPDF
Dcopserver
Desktop communication protocol daemon
Kmail
Quanta
Kdegraphics
Kword
ARTS
Libkhtml
Ksirc
Amarok
Kmplayer
Kde sc
KGET
Kcheckpass
Kde pim
Kde-workspace
ARK
Trojita
Kauth
Kde-runtime
Kio-extras
Plasma-desktop
Kde applications
Plasma-workspace
Kde frameworks
Karchives
Kscreenlocker
Kde-cli-tools
KIO
Messagelib
Okular
Ktexteditor
Partition manager
Kimageformats
KATE


Copyright 2024, cxsecurity.com

 

Back to Top