KDE KApplication configfile vulnerability

The KDE configuration-file management has a bug which could result in root compromise.

Due to insecure creation of configuration (rc) files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root KDE-programs.

Properly exploited, this can permit a local attacker to change ownership of key system files, then write arbitrary data to them, allowing an elevation of privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus