CVE-2016-3100

2016-07-13T15:59:00
ID CVE-2016-3100
Type cve
Reporter cve@mitre.org
Modified 2018-10-30T16:27:00

Description

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.