Vulnerability in Caldera Openlinux_edesktop
CVE-2001-0178
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
EPSS: 0.004 (27.9th percentile) — read the EPSS interpretation.
Affected products
- Caldera Openlinux_edesktop — versions 2.4
- Conectiva Linux — versions 6.0
- Mandrakesoft Mandrake_linux — versions 6.1, 7.0, 7.1
- Mandrakesoft Mandrake_linux_corporate_server — versions 1.0.1
- Suse Suse_linux — versions 6.0, 6.1, 6.2
- N/a — versions n/a
References
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)
- cve@mitre.org (Vendor Advisory, x_refsource_CALDERA, vendor-advisory, Patch)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_MANDRAKE, Vendor Advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)