CVE-2005-2494KDE vulnerability

8 documents6 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 86.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE
Timeline
PublishedSep 6
Latest updateMay 3

Description

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDkde/kde10 versions+9

Patches

Patch: ftp.kde.orgPatch: www.kde.orgPatch: ftp.kde.org

🔴Vulnerability Details

2
GHSA
GHSA-3p2f-43j8-jmf7: kcheckpass in KDE 32022-05-03
CVEList
CVE-2005-2494: kcheckpass in KDE 32005-09-06

📋Vendor Advisories

2
Ubuntu
kcheckpass vulnerability2005-09-07
Red Hat
security flaw2005-09-05

💬Community

3
Bugzilla
CVE-2005-2494 security flaw2018-08-16
Bugzilla
CVE-2005-2494 kdebase- kcheckpass privilege escalation, CVE-2006-2449 kdebase- KDM symlink attack vulnerability2006-02-05
Bugzilla
CVE-2005-2494 kcheckpass privilege escalation2005-08-29
CVE-2005-2494 — KDE vulnerability | cvebase