CVE-2016-3100

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

CVSS v3 8.4 HIGH
CVSS v2.0 2.1 LOW

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html
http://www.kde.com/announcements/kde-frameworks-5.23.0.php
http://www.securityfocus.com/bid/91769
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://www.kde.org/info/security/advisory-20160621-1.txt
http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html
http://www.kde.com/announcements/kde-frameworks-5.23.0.php
http://www.securityfocus.com/bid/91769
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://www.kde.org/info/security/advisory-20160621-1.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 (hide)

cpe:2.3:a:kde:kde_frameworks:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:49

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html -~~	() http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html -
References	~~() http://www.kde.com/announcements/kde-frameworks-5.23.0.php -~~	() http://www.kde.com/announcements/kde-frameworks-5.23.0.php -
References	~~() http://www.securityfocus.com/bid/91769 -~~	() http://www.securityfocus.com/bid/91769 -
References	~~() https://bugs.kde.org/show_bug.cgi?id=358593 -~~	() https://bugs.kde.org/show_bug.cgi?id=358593 -
References	~~() https://bugs.kde.org/show_bug.cgi?id=363140 -~~	() https://bugs.kde.org/show_bug.cgi?id=363140 -
References	~~() https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58 -~~	() https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58 -
References	~~() https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd -~~	() https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd -
References	~~() https://www.kde.org/info/security/advisory-20160621-1.txt -~~	() https://www.kde.org/info/security/advisory-20160621-1.txt -

Information

Published : 2016-07-13 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-3100

Mitre link : CVE-2016-3100

CVE.ORG link : CVE-2016-3100

JSON object : View

Products Affected

opensuse

leap
opensuse

kde

kde_frameworks

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-3100", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2016-07-13T15:59:02.420", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://www.kde.com/announcements/kde-frameworks-5.23.0.php", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/91769", "source": "secalert@redhat.com"}, {"url": "https://bugs.kde.org/show_bug.cgi?id=358593", "source": "secalert@redhat.com"}, {"url": "https://bugs.kde.org/show_bug.cgi?id=363140", "source": "secalert@redhat.com"}, {"url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58", "source": "secalert@redhat.com"}, {"url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd", "source": "secalert@redhat.com"}, {"url": "https://www.kde.org/info/security/advisory-20160621-1.txt", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kde.com/announcements/kde-frameworks-5.23.0.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/91769", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.kde.org/show_bug.cgi?id=358593", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.kde.org/show_bug.cgi?id=363140", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kde.org/info/security/advisory-20160621-1.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file."}, {"lang": "es", "value": "kinit en KDE Frameworks en versiones anteriores a 5.23.0 utiliza permisos d\u00e9biles (644) para /tmp/xauth-xxx-_y, lo que permite a usuarios locales obtener cookies X11 de otros usuarios y consecuentemente capturar pulsaciones del teclado y posiblemente obtener privilegios leyendo el archivo."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kde_frameworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98717EDA-C54E-486D-8C41-97DD9FA0E724", "versionEndIncluding": "5.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

8.4 /10