Red Hat Bugzilla – Bug 148822
CAN-2005-0365 dcopidlng insecure temporary file usage
Last modified: 2007-11-30 17:07:16 EST
The dcopidlng script in KDE 3.3.2 creates temporary files with predictable
filenames, which allows local users to overwrite arbitrary files via a symlink
The kde BTS has more information:
it's now fixed in kdelibs-3.3.1-3.4, which is built in 4E-errata-candidate.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.