CVE-2000-0393 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2000-0393

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

The KDE kscd program does not drop privileges when executing a program specified in a users SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

Affected Software

Name	Vendor	Start Version	End Version
Kde	Kde	1.1 (including)	1.1 (including)
Kde	Kde	1.1.1 (including)	1.1.1 (including)
Kde	Kde	1.2 (including)	1.2 (including)
Kde	Kde	2.0_beta (including)	2.0_beta (including)

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
http://www.securityfocus.com/bid/1206