exploitDog

CVE-2016-3100

Опубликовано: 13 июл. 2016

Источник: debian

EPSS Низкий

Описание

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
kinit	fixed	5.23.0-1		package

Примечания

https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58

EPSS

Процентиль: 15%

0.00048

Низкий

Связанные уязвимости

CVE-2016-3100

CVSS3: 8.4

ubuntu

больше 9 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

CVE-2016-3100

CVSS3: 8.4

nvd

больше 9 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

openSUSE-SU-2016:1723-1

suse-cvrf

больше 9 лет назад

Security update for kinit

GHSA-8h23-v9w8-5prq

CVSS3: 8.4

github

больше 3 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

EPSS

Процентиль: 15%

0.00048

Низкий