CVE-2003-1167 Information

Description

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

Reference

http://secunia.com/advisories/10105 http://www.osvdb.org/2742 http://www.securityfocus.com/archive/1/342736 http://www.securityfocus.com/bid/8915 https://exchange.xforce.ibmcloud.com/vulnerabilities/13540