Vulnerability Description
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johannes Sixt | Kdbg | 1.1.0 |
References
- http://lists.debian.org/debian-devel-changes/2003/09/msg00767.htmlVendor Advisory
- http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-416.html
- http://lists.debian.org/debian-devel-changes/2003/09/msg00767.htmlVendor Advisory
- http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-416.html
FAQ
What is CVE-2003-0644?
CVE-2003-0644 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
How severe is CVE-2003-0644?
CVE-2003-0644 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0644?
Check the references section above for vendor advisories and patch information. Affected products include: Johannes Sixt Kdbg.