[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] kdesu security hole

To: linux-security
Subject: [linux-security] kdesu security hole
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 3 May 2001 18:28:33 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
insecure tempfile creation in kdesu

Problem Description
===================
kdesu created a world-readable temporary file to exchange authentication
information and delete it shortly after. This can be abused by a local
user to gain access to the X server and can result in a compromise of the
account kdesu accesses.

Affected Systems
================
RedHat 7.1

Not Affected
============
RedHat 6.x, 7.0

Solution
========
RedHat 7.1
----------
rpm -Fvh kdelibs-2.1.2-1.i386.rpm \
         kdelibs-devel-2.1.2-1.i386.rpm \
         kdelibs-sound-2.1.2-1.i386.rpm \
         kdelibs-sound-devel-2.1.2-1.i386.rpm \
         arts-2.1.2-1.i386.rpm

Prev by Date: [linux-security] format string bugs in gftp
Next by Date: [linux-security] insecure creation of swap files in RH 7.1
Prev by thread: [linux-security] insecure creation of swap files in RH 7.1
Next by thread: [linux-security] format string bugs in gftp
Index(es):
- Date
- Thread