CVE-2004-1171

Sažetak

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
http://marc.info/?l=bugtraq&m=110178786809694&w=2
http://marc.info/?l=bugtraq&m=110261063201488&w=2
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://secunia.com/advisories/13560
http://securitytracker.com/id?1012471
http://www.ciac.org/ciac/bulletins/p-051.shtml
http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
http://www.kb.cert.org/vuls/id/305294
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
http://www.osvdb.org/12248
http://www.sec-consult.com/index.php?id=118
http://www.securityfocus.com/bid/11866
https://exchange.xforce.ibmcloud.com/vulnerabilities/18267

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

10-01-2005 - 05:00