CVE-2003-0692 Information
Description
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy which allows attackers to guess session cookies via brute force methods and gain access to the user session.
Reference
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www.redhat.com/support/errata/RHSA-2003-288.html https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A215
Share on: