{"id":"CVE-2016-3100","details":"kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.","modified":"2026-03-15T22:21:59.994536Z","published":"2016-07-13T15:59:02.420Z","related":["SUSE-SU-2016:2217-1","openSUSE-SU-2024:10527-1"],"references":[{"type":"WEB","url":"http://www.kde.com/announcements/kde-frameworks-5.23.0.php"},{"type":"WEB","url":"http://www.securityfocus.com/bid/91769"},{"type":"WEB","url":"https://bugs.kde.org/show_bug.cgi?id=358593"},{"type":"WEB","url":"https://bugs.kde.org/show_bug.cgi?id=363140"},{"type":"WEB","url":"https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58"},{"type":"WEB","url":"https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html"},{"type":"ADVISORY","url":"https://www.kde.org/info/security/advisory-20160621-1.txt"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3100.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.22.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}