CVE-2004-1171
First published: Fri Dec 10 2004(Updated: )
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE KDE | =3.3.2 | |
| Redhat Fedora Core | =core_2.0 | |
| KDE KDE | =3.3.1 | |
| KDE KDE | =3.2.2 | |
| KDE KDE | =3.2.1 | |
| Mandrakesoft Mandrake Linux | =10.1 | |
| KDE KDE | =3.3 | |
| Mandrakesoft Mandrake Linux | =10.0 | |
| KDE KDE | =3.2 | |
| KDE KDE | =3.2.3 | |
| Redhat Fedora Core | =core_3.0 | |
| Mandrakesoft Mandrake Linux | =10.0 | |
| Mandrakesoft Mandrake Linux | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11866
- http://www.kb.cert.org/vuls/id/305294
- http://www.sec-consult.com/index.php?id=118
- http://www.kde.org/info/security/advisory-20041209-1.txt
- http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
- http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
- http://www.ciac.org/ciac/bulletins/p-051.shtml
- http://www.osvdb.org/12248
- http://securitytracker.com/id?1012471
- http://secunia.com/advisories/13560
- http://secunia.com/advisories/13477
- http://secunia.com/advisories/13486
- http://marc.info/?l=bugtraq&m=110178786809694&w=2
- http://marc.info/?l=bugtraq&m=110261063201488&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18267
- collector/nvd-historical
- vendor/kde
- product/kde
- canonical/kde kde
- vendor/redhat
- product/fedora core
- canonical/redhat fedora core
- vendor/mandrakesoft
- product/mandrake linux
- canonical/mandrakesoft mandrake linux
- collector/nvd-index
- agent/description
- agent/event
- agent/weakness
- agent/severity
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/kde kde/3.3.2
- version/redhat fedora core/core_2.0
- version/kde kde/3.3.1
- version/kde kde/3.2.2
- version/kde kde/3.2.1
- version/mandrakesoft mandrake linux/10.1
- version/kde kde/3.3
- version/mandrakesoft mandrake linux/10.0
- version/kde kde/3.2
- version/kde kde/3.2.3
- version/redhat fedora core/core_3.0