4.6

CVE-2008-1671

Exploit
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version3.5.5
KdeKde Version3.5.6
KdeKde Version3.5.7
KdeKde Version3.5.8
KdeKde Version3.5.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.452
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff
Exploit
http://secunia.com/advisories/29951
Vendor Advisory
http://secunia.com/advisories/29977
http://secunia.com/advisories/30113
http://security.gentoo.org/glsa/glsa-200804-30.xml
http://www.kde.org/info/security/advisory-20080426-2.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2008:097
http://www.securityfocus.com/bid/28938
http://www.securitytracker.com/id?1019924
http://www.ubuntu.com/usn/usn-608-1
http://www.vupen.com/english/advisories/2008/1370/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42039