• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE K-Mail File Creation Vulnerability

KMail is a mail user agent that comes with the kdenetwork package, part of the K Desktop Environment. A vulnerability in the way KMail creates temporary files to save attachments may allow malicious users to overwrite any file that user running KMail has permissions to.

When viewing messages with attachments KMail creates a directory under /tmp in which to store the attachments with a predictable name of the form "kmail<pid of kmail>". KMail fails to verify whether the directory exists and follows symbolic links. This allows local attackers to create or overwrite files with contents they can select in any directory and/or file writable by the user running KMail.