CVE-2005-2494 Information
Description
kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
Reference
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff http://marc.info/?l=bugtraq&m=112603999215453&w=2 http://marc.info/?l=bugtraq&m=112611555928169&w=2 http://secunia.com/advisories/16692 http://secunia.com/advisories/18139 http://secunia.com/advisories/21481 http://www.debian.org/security/2005/dsa-815 http://www.kde.org/info/security/advisory-20050905-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:160 http://www.redhat.com/support/errata/RHSA-2006-0582.html http://www.securityfocus.com/bid/14736 http://www.suresec.org/advisories/adv6.pdf http://www.ubuntu.com/usn/usn-176-1 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9388
Share on: