Debian DSA-4200-1 : kwallet-pam - security update

Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

Debian: Security Advisory (DSA-4200-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-10380

CVE-2018-10380 affects kwallet-pam in KDE KWallet prior to 5.12.6, where local users can exploit a symlink to obtain ownership of arbitrary files. The vulnerability stems from insecure permission handling in the PAM module, enabling local privilege elevation with complete confidentiality, integri...

FreeBSD : KWallet-PAM -- Access to privileged files (83a548b5-4fa5-11e8-9a8e-001e2a3f778d)

The KDE Community reports : kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system. C Tenable Network Security, Inc. The descriptive tex...