CVE-2004-1171

Publication date 10 January 2005

Last updated 24 July 2024

Ubuntu priority

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdebase	7.04 feisty	Fixed 3.5.6-0ubuntu20.2
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu27.1
kdelibs	7.04 feisty	Fixed 3.5.6-0ubuntu14.1
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu18.5

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1171