Vulnerability Description
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Kde | 1.0 |
References
- http://lists.kde.org/?l=kde-devel&m=90221974029738&w=2Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1639
- http://lists.kde.org/?l=kde-devel&m=90221974029738&w=2Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1639
FAQ
What is CVE-1999-1270?
CVE-1999-1270 is a vulnerability with a CVSS score of 4.6 (MEDIUM). KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing th...
How severe is CVE-1999-1270?
CVE-1999-1270 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1270?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde.