VULHUB ™

Mandriva Linux Security Update Advisory - Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass.

Mandriva Linux Security Update Advisory - Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass.