exploitDog

CVE-2016-3100

Опубликовано: 13 июл. 2016

Источник: nvd

CVSS3: 8.4

CVSS2: 2.1

EPSS Низкий

Описание

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:kde:kde_frameworks:*:*:*:*:*:*:*:*

Версия до 5.22.0 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

8.4 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-3100

CVSS3: 8.4

ubuntu

больше 9 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

CVE-2016-3100

CVSS3: 8.4

debian

больше 9 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for ...

openSUSE-SU-2016:1723-1

suse-cvrf

больше 9 лет назад

Security update for kinit

GHSA-8h23-v9w8-5prq

CVSS3: 8.4

github

больше 3 лет назад

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

EPSS

Процентиль: 15%

0.00048

Низкий

8.4 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200