CVE-2016-3100 — Sensitive Information Exposure in Kinit

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.0%

top 85.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Debian Kinit KDE Frameworks Opensuse Leap +1 more

Timeline

PublishedJul 13

Latest updateMay 14

Description

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/kinit< kinit 5.23.0-1 (bookworm)

▶NVDkde/kde_frameworks5.22.0

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

🔴Vulnerability Details

2

GHSA

GHSA-8h23-v9w8-5prq: kinit in KDE Frameworks before 5↗2022-05-14

▶

OSV

CVE-2016-3100: kinit in KDE Frameworks before 5↗2016-07-13

▶

📋Vendor Advisories

1

Debian

CVE-2016-3100: kinit - kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth...↗2016

▶

💬Community

1

Bugzilla

CVE-2016-3100 kde: world readable Xauthority file exposes cookie credentials↗2016-06-08

▶