CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file. Because that file may be created with world-readable permissions, local users could obtain usernames and passwords for remote resources such as SMB shares.
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html
http://marc.info/?l=bugtraq&m=110178786809694&w=2
http://marc.info/?l=bugtraq&m=110261063201488&w=2
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://secunia.com/advisories/13560
http://securitytracker.com/id?1012471
http://www.ciac.org/ciac/bulletins/p-051.shtml
http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
http://www.kb.cert.org/vuls/id/305294 - Third Party Advisory, US Government Resource
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:150
http://www.osvdb.org/12248
http://www.sec-consult.com/index.php?id=118
http://www.securityfocus.com/bid/11866 - Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18267
Configurations

Configuration 1

OR
cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:50


Information

Published : 2005-01-10 05:00

Updated : 2024-11-20 23:50


NVD link : CVE-2004-1171

Mitre link : CVE-2004-1171

CVE.ORG link : CVE-2004-1171



Products Affected

redhat

  • fedora_core

kde

  • kde

mandrakesoft

  • mandrake_linux