Vulnerability Description
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Kde | 1.1 |
References
- http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://marc.info/?l=bugtraq&m=106374551513499&w=2
- http://www.debian.org/security/2003/dsa-388PatchVendor Advisory
- http://www.kde.org/info/security/advisory-20030916-1.txtPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
- http://www.redhat.com/support/errata/RHSA-2003-270.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2003-288.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://marc.info/?l=bugtraq&m=106374551513499&w=2
- http://www.debian.org/security/2003/dsa-388PatchVendor Advisory
- http://www.kde.org/info/security/advisory-20030916-1.txtPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
FAQ
What is CVE-2003-0692?
CVE-2003-0692 is a vulnerability with a CVSS score of 7.5 (HIGH). KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain...
How severe is CVE-2003-0692?
CVE-2003-0692 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0692?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde.