CVE-2008-1671 - Vulnerability Details - OpenCVE

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kde	Kde

Configuration 1 [-]

OR	cpe:2.3:o:kde:kde:3.5.5:::::::*
	cpe:2.3:o:kde:kde:3.5.6:::::::*
	cpe:2.3:o:kde:kde:3.5.7:::::::*
	cpe:2.3:o:kde:kde:3.5.8:::::::*
	cpe:2.3:o:kde:kde:3.5.9:::::::*

No data.

References

Link	Providers
ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29951
http://secunia.com/advisories/29977
http://secunia.com/advisories/30113
http://security.gentoo.org/glsa/glsa-200804-30.xml
http://www.kde.org/info/security/advisory-20080426-2.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2008:097
http://www.securityfocus.com/bid/28938
http://www.securitytracker.com/id?1019924
http://www.ubuntu.com/usn/usn-608-1
http://www.vupen.com/english/advisories/2008/1370/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42039
https://nvd.nist.gov/vuln/detail/CVE-2008-1671
https://www.cve.org/CVERecord?id=CVE-2008-1671

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-04-28T17:00:00

Updated: 2024-08-07T08:32:00.600Z

Reserved: 2008-04-03T00:00:00

Link: CVE-2008-1671

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-04-28T17:05:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1671

Redhat

Severity :

Publid Date: 2008-04-26T00:00:00Z

Links: CVE-2008-1671 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via \"user-influenceable input\" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "30113", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30113"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff"}, {"name": "GLSA-200804-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-30.xml"}, {"name": "SUSE-SR:2008:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "1019924", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019924"}, {"name": "29977", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29977"}, {"name": "USN-608-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-608-1"}, {"name": "29951", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29951"}, {"name": "ADV-2008-1370", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1370/references"}, {"name": "28938", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28938"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20080426-2.txt"}, {"name": "MDVSA-2008:097", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:097"}, {"name": "kde-startkdeinit-privilege-escalation(42039)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42039"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:00.600Z"}, "title": "CVE Program Container", "references": [{"name": "30113", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff"}, {"name": "GLSA-200804-30", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-30.xml"}, {"name": "SUSE-SR:2008:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "1019924", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019924"}, {"name": "29977", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29977"}, {"name": "USN-608-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-608-1"}, {"name": "29951", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29951"}, {"name": "ADV-2008-1370", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1370/references"}, {"name": "28938", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28938"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20080426-2.txt"}, {"name": "MDVSA-2008:097", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:097"}, {"name": "kde-startkdeinit-privilege-escalation(42039)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42039"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1671", "datePublished": "2008-04-28T17:00:00", "dateReserved": "2008-04-03T00:00:00", "dateUpdated": "2024-08-07T08:32:00.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kde:kde:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "65CCBEC7-EF7F-43DB-892C-E9C93D3B3353", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2C3D851-540B-4F4C-BCC4-47F4C099D212", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "32DF6E2C-221F-4F99-9D5B-C3E48AF7A9F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E06B8C1-F186-4BC5-9C1D-DF5BC40FEDB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "F5F38CD2-8531-403D-B522-389DD4F8C5E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via \"user-influenceable input\" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes."}, {"lang": "es", "value": "start_kdeinit en KDE de 3.5.5 a 3.5.9, cuando est\u00e1 instalado setuid root, permite a usuarios locales provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante \"una entrada influenciable por el usuario\" (probablemente argumentos en l\u00ednea de comandos) que provocan que start_kdeinit env\u00ede se\u00f1ales SIGUSR1 a otros procesos."}], "id": "CVE-2008-1671", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-28T17:05:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29951"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29977"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30113"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200804-30.xml"}, {"source": "secalert@redhat.com", "url": "http://www.kde.org/info/security/advisory-20080426-2.txt"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:097"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/28938"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1019924"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-608-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1370/references"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-30.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20080426-2.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019924"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-608-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1370/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42039"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2008-05-01T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}