Lucene search

MitreCVE-2004-1171

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1171

2005-01-1005:00:00

mitre

web.nvd.nist.gov

cve-2004-1171

kde

plaintext credentials

smb protocol

security vulnerability

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

37.0%

JSON

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user’s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Affected configurations

Nvd

Node

kdekdeMatch3.2

kdekdeMatch3.2.1

kdekdeMatch3.2.2

kdekdeMatch3.2.3

kdekdeMatch3.3

kdekdeMatch3.3.1

kdekdeMatch3.3.2

mandrakesoftmandrake_linuxMatch10.0

mandrakesoftmandrake_linuxMatch10.0amd64

mandrakesoftmandrake_linuxMatch10.1

mandrakesoftmandrake_linuxMatch10.1x86_64

redhatfedora_coreMatchcore_2.0

redhatfedora_coreMatchcore_3.0

VendorProductVersionCPE
kdekde3.2cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
kdekde3.2.1cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
kdekde3.2.2cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
kdekde3.2.3cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
kdekde3.3cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
kdekde3.3.1cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
kdekde3.3.2cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
mandrakesoftmandrake_linux10.0cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
mandrakesoftmandrake_linux10.0cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
mandrakesoftmandrake_linux10.1cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kde	kde	3.2	cpe:2.3:o:kde:kde:3.2:::::::*
kde	kde	3.2.1	cpe:2.3:o:kde:kde:3.2.1:::::::*
kde	kde	3.2.2	cpe:2.3:o:kde:kde:3.2.2:::::::*
kde	kde	3.2.3	cpe:2.3:o:kde:kde:3.2.3:::::::*
kde	kde	3.3	cpe:2.3:o:kde:kde:3.3:::::::*
kde	kde	3.3.1	cpe:2.3:o:kde:kde:3.3.1:::::::*
kde	kde	3.3.2	cpe:2.3:o:kde:kde:3.3.2:::::::*
mandrakesoft	mandrake_linux	10.0	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:::::::*
mandrakesoft	mandrake_linux	10.0	cpe:2.3:o:mandrakesoft:mandrake_linux:10.0::amd64:::::
mandrakesoft	mandrake_linux	10.1	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:::::::*

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html

marc.info/?l=bugtraq&m=110178786809694&w=2

marc.info/?l=bugtraq&m=110261063201488&w=2

secunia.com/advisories/13477

secunia.com/advisories/13486

secunia.com/advisories/13560

securitytracker.com/id?1012471

www.ciac.org/ciac/bulletins/p-051.shtml

www.gentoo.org/security/en/glsa/glsa-200412-16.xml

www.kb.cert.org/vuls/id/305294

www.kde.org/info/security/advisory-20041209-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2004:150

www.osvdb.org/12248

www.sec-consult.com/index.php?id=118

www.securityfocus.com/bid/11866

exchange.xforce.ibmcloud.com/vulnerabilities/18267

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

37.0%

JSON

Related for CVE-2004-1171