Unrated severityNVD Advisory· Published Mar 26, 2001· Updated Apr 16, 2026

CVE-2001-0178

Description

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

Affected products

Caldera (company)/Openlinux Edesktop
cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*
Conectiva/Linux
cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*
Mandrakesoft/Mandrake Linux4 versions
cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
Mandrakesoft/Mandrake Linux Corporate Server
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
SUSE S.A./Linux6 versions
cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txtnvdPatchVendor Advisory
www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3nvdPatchVendor Advisory
www.novell.com/linux/security/advisories/2001_002_kdesu_txt.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/5995nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000