KDE's kfm creates and uses temporary cache directories insecurely.
kfm, the KDE File Manager, creates a cache directory for each user. This directory is placed in /tmp and predictably named, based on the UID. These directories are created without checking for correct ownership or prior existence. Following creation, it will write files to these directories.
By creating directories, an attacker may be able to cause kfm to hang or crash. By a symlink attack, an attacker may be able to cause corruption of other files modifiable by the user of kfm.
The CERT/CC is currently unaware of a practical solution to this problem.
As root, create appropriately named cache directories in /tmp and chown them to the appropriate user. This will not be a robust fix.
No information available at this time.
Paul Starzetz initially reported this vulnerability.
This document was last modified by Tim Shimeall.
|Date First Published:||2001-05-30|
|Date Last Updated:||2001-05-30 14:37 UTC|