
KDE DCOPServer Insecure Temporary File Creation Vulnerability

KDE's DCOPServer is reported to contain an insecure temporary file creation vulnerability. This is due to the use of the mktemp() function, which only returns a file name and leaves creation of the file to a separate, later step.

Since temporary files are used by the DCOP daemon for authentication purposes, a local attacker may be able to exploit this vulnerability to compromise the account of a targeted user running KDE.

A local attacker may also be able to exploit this vulnerability to carry out symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack.

KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this vulnerability.
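
The following C program is an added illustration of the issue class described above, not code from KDE or from this advisory. It compares the open-after-naming pattern that mktemp() leaves behind with atomic creation via O_EXCL and mkstemp(). The function name, file names and scratch directory are assumptions made for the example, and the scenario is constructed inside a private directory.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd refers to the same inode as the file at path. */
static int same_file(int fd, const char *path) {
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0) return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Constructed scenario inside a private scratch directory: "target" stands
 * for a file the user owns, "guess" is a symlink already sitting at the name
 * a mktemp()-style caller would open later. Returns a bitmask:
 *   1 = open without O_EXCL followed the link and landed on target
 *   2 = open with O_CREAT|O_EXCL refused the existing entry (EEXIST)
 *   4 = mkstemp() made a fresh file with no group/other access */
int compare_temp_creation(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], guess[64], tmpl[64];
    struct stat st;
    int result = 0, fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(guess, sizeof guess, "%s/guess", dir);
    snprintf(tmpl, sizeof tmpl, "%s/tmpXXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(target, guess) != 0) return -1;
    close(fd);

    /* Name chosen first, opened later: the pattern mktemp() leaves behind. */
    fd = open(guess, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) { if (same_file(fd, target)) result |= 1; close(fd); }

    /* Atomic create-or-fail: the flags mkstemp() relies on. */
    fd = open(guess, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);

    /* Hardened replacement: name generation and creation in one call. */
    fd = mkstemp(tmpl);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
            (st.st_mode & 077) == 0 && !same_file(fd, target)) result |= 4;
        close(fd);
        unlink(tmpl);
    }
    unlink(guess); unlink(target); rmdir(dir);
    return result;
}
```

When auditing code for this pattern, any call that obtains a temporary name and then opens it without O_EXCL is a candidate for the same fix.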







 
