KDM -- local privilege escalation vulnerability

2010-04-13T00:00:00
ID 3987C5D1-47A9-11DF-A0D5-0016D32F24FB
Type freebsd
Reporter FreeBSD
Modified 2010-04-14T00:00:00

Description

KDE Security Advisory reports:

KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. A local attacker with a valid local account can under certain circumstances make use of this vulnerability to execute arbitrary code as root.