CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11866	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/305294	Third Party Advisory US Government Resource
http://www.sec-consult.com/index.php?id=118
http://www.kde.org/info/security/advisory-20041209-1.txt
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
http://www.ciac.org/ciac/bulletins/p-051.shtml
http://www.osvdb.org/12248
http://securitytracker.com/id?1012471
http://secunia.com/advisories/13560
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://marc.info/?l=bugtraq&m=110178786809694&w=2
http://marc.info/?l=bugtraq&m=110261063201488&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:kde:kde:3.3:::::::*
	cpe:2.3:o:kde:kde:3.3.1:::::::*
	cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*
	cpe:2.3:o:kde:kde:3.3.2:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:::::::*
	cpe:2.3:o:kde:kde:3.2:::::::*
	cpe:2.3:o:kde:kde:3.2.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0::amd64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:::::::*
	cpe:2.3:o:kde:kde:3.2.2:::::::*
	cpe:2.3:o:kde:kde:3.2.3:::::::*
	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1::x86_64:::::

Information

Published : 2005-01-09 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1171

Mitre link : CVE-2004-1171

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

mandrakesoft

mandrake_linux

redhat

fedora_core

kde

kde

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11866", "name": "11866", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.kb.cert.org/vuls/id/305294", "name": "VU#305294", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.sec-consult.com/index.php?id=118", "name": "http://www.sec-consult.com/index.php?id=118", "tags": [], "refsource": "MISC"}, {"url": "http://www.kde.org/info/security/advisory-20041209-1.txt", "name": "http://www.kde.org/info/security/advisory-20041209-1.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html", "name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml", "name": "GLSA-200412-16", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:150", "name": "MDKSA-2004:150", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.ciac.org/ciac/bulletins/p-051.shtml", "name": "P-051", "tags": [], "refsource": "CIAC"}, {"url": "http://www.osvdb.org/12248", "name": "12248", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1012471", "name": "1012471", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/13560", "name": "13560", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/13477", "name": "13477", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/13486", "name": "13486", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=110178786809694&w=2", "name": "20041129 Password Disclosure for SMB Shares in KDE's Konqueror", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=110261063201488&w=2", "name": "20041209 KDE Security Advisory: plain text password exposure", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18267", "name": "kde-smb-password-plaintext(18267)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1171", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-01-10T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}