CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kde.org/info/security/advisory-20030916-1.txt	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-270.html	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-388	Patch Vendor Advisory
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://www.redhat.com/support/errata/RHSA-2003-288.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://marc.info/?l=bugtraq&m=106374551513499&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:kde:kde:2.0.1:::::::*
	cpe:2.3:o:kde:kde:2.0_beta:::::::*
	cpe:2.3:o:kde:kde:2.1:::::::*
	cpe:2.3:o:kde:kde:3.0.1:::::::*
	cpe:2.3:o:kde:kde:3.0.2:::::::*
	cpe:2.3:o:kde:kde:3.1:::::::*
	cpe:2.3:o:kde:kde:3.1.1:::::::*
	cpe:2.3:o:kde:kde:1.1.1:::::::*
	cpe:2.3:o:kde:kde:1.1.2:::::::*
	cpe:2.3:o:kde:kde:2.2:::::::*
	cpe:2.3:o:kde:kde:2.2.1:::::::*
	cpe:2.3:o:kde:kde:2.1.2:::::::*
	cpe:2.3:o:kde:kde:2.0:::::::*
	cpe:2.3:o:kde:kde:3.0.5:::::::*
	cpe:2.3:o:kde:kde:3.1.1a:::::::*
	cpe:2.3:o:kde:kde:3.0.5b:::::::*
	cpe:2.3:o:kde:kde:3.1.2:::::::*
	cpe:2.3:o:kde:kde:3.0.5a:::::::*
	cpe:2.3:o:kde:kde:3.0.4:::::::*
	cpe:2.3:o:kde:kde:3.0:::::::*
	cpe:2.3:o:kde:kde:2.1.1:::::::*
	cpe:2.3:o:kde:kde:3.1.3:::::::*
	cpe:2.3:o:kde:kde:2.2.2:::::::*
	cpe:2.3:o:kde:kde:1.1:::::::*
	cpe:2.3:o:kde:kde:1.2:::::::*
	cpe:2.3:o:kde:kde:3.0.3:::::::*
	cpe:2.3:o:kde:kde:3.0.3a:::::::*

Information

Published : 2003-10-05 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2003-0692

Mitre link : CVE-2003-0692

JSON object : View

CWE

NVD-CWE-Other

Products Affected

kde

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kde.org/info/security/advisory-20030916-1.txt", "name": "http://www.kde.org/info/security/advisory-20030916-1.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-270.html", "name": "RHSA-2003:270", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2003/dsa-388", "name": "DSA-388", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "name": "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html", "tags": [], "refsource": "MISC"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747", "name": "CLA-2003:747", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-288.html", "name": "RHSA-2003:288", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091", "name": "MDKSA-2003:091", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://marc.info/?l=bugtraq&m=106374551513499&w=2", "name": "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215", "name": "oval:org.mitre.oval:def:215", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0692", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-10-06T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

7.5 /10