CVE-2003-0692
First published: Thu Sep 18 2003(Updated: )
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE KDE | =2.2.1 | |
| KDE KDE | =2.1.2 | |
| KDE KDE | =2.0 | |
| KDE KDE | =3.0.2 | |
| KDE KDE | =3.0.5 | |
| KDE KDE | =2.0_beta | |
| KDE KDE | =2.2 | |
| KDE KDE | =3.1.1a | |
| KDE KDE | =2.0.1 | |
| KDE KDE | =2.1 | |
| KDE KDE | =3.0.1 | |
| KDE KDE | =3.1 | |
| KDE KDE | =3.1.1 | |
| KDE KDE | =1.1.1 | |
| KDE KDE | =1.1.2 | |
| KDE KDE | =3.0.4 | |
| KDE KDE | =3.1.3 | |
| KDE KDE | =1.2 | |
| KDE KDE | =2.2.2 | |
| KDE KDE | =3.0 | |
| KDE KDE | =3.0.5a | |
| KDE KDE | =3.0.5b | |
| KDE KDE | =1.1 | |
| KDE KDE | =2.1.1 | |
| KDE KDE | =3.0.3 | |
| KDE KDE | =3.0.3a | |
| KDE KDE | =3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20030916-1.txt
- http://www.redhat.com/support/errata/RHSA-2003-270.html
- http://www.debian.org/security/2003/dsa-388
- http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://www.redhat.com/support/errata/RHSA-2003-288.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
- http://marc.info/?l=bugtraq&m=106374551513499&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/kde
- canonical/kde kde
- version/kde kde/2.2.1
- version/kde kde/2.1.2
- version/kde kde/2.0
- version/kde kde/3.0.2
- version/kde kde/3.0.5
- version/kde kde/2.0_beta
- version/kde kde/2.2
- version/kde kde/3.1.1a
- version/kde kde/2.0.1
- version/kde kde/2.1
- version/kde kde/3.0.1
- version/kde kde/3.1
- version/kde kde/3.1.1
- version/kde kde/1.1.1
- version/kde kde/1.1.2
- version/kde kde/3.0.4
- version/kde kde/3.1.3
- version/kde kde/1.2
- version/kde kde/2.2.2
- version/kde kde/3.0
- version/kde kde/3.0.5a
- version/kde kde/3.0.5b
- version/kde kde/1.1
- version/kde kde/2.1.1
- version/kde kde/3.0.3
- version/kde kde/3.0.3a
- version/kde kde/3.1.2