CVE-2003-0690

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0960%

EPSS Percentile7.84th

PublishedOct 6, 2003

Last ModifiedApr 16, 2026

Vulnerability Description

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Affected Platforms (CPE)

💻

Kde

= 1.1

💻

Kde

= 1.1.1

💻

Kde

= 1.1.2

💻

Kde

= 1.2

💻

Kde

= 2.0

💻

Kde

= 2.0.1

💻

Kde

= 2.0_beta

💻

Kde

= 2.1

💻

Kde

= 2.1.1

💻

Kde

= 2.1.2

💻

Kde

= 2.2

💻

Kde

= 2.2.1

💻

Kde

= 2.2.2

💻

Kde

= 3.0

💻

Kde

= 3.0.1

💻

Kde

= 3.0.2

💻

Kde

= 3.0.3

💻

Kde

= 3.0.3a

💻

Kde

= 3.0.4

💻

Kde

= 3.0.5

💻

Kde

= 3.0.5a

💻

Kde

= 3.0.5b

💻

Kde

= 3.1

💻

Kde

= 3.1.1

💻

Kde

= 3.1.1a

💻

Kde

= 3.1.2

💻

Kde

= 3.1.3

References & Advisories

🔗 http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747

🔗 http://marc.info/?l=bugtraq&m=106374551513499&w=2

🔗 http://www.debian.org/security/2003/dsa-388

🔗 http://www.debian.org/security/2004/dsa-443

🔗 http://www.kde.org/info/security/advisory-20030916-1.txt

🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2003:091

🔗 http://www.redhat.com/support/errata/RHSA-2003-270.html

Vulnerability Description

Affected Platforms (CPE)

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

Kde

References & Advisories

Related Vulnerabilities