KDE kdesu Insecure Temporary File Creation Vulnerability

KDESu is a frontend for su(1) used by many KDE programs for the execution of commands with elevated privileges.

The kdesu program creates a world-readable temporary file when exchanging authentication information. As a result, it may be possible for a local attacker to use this information to gain access to the X server and compromise the account accessed by kdesu.


 

Privacy Statement
Copyright 2010, SecurityFocus