Red Hat Bugzilla – Bug 180060
CAN-2005-2101 kdeedu- langen2kvtml tempfile vulnerability
Last modified: 2007-08-30 15:57:31 EDT
+++ This bug was initially created as a clone of Bug #165606 +++
Ben Burton notified the KDE security team about several tempfile handling
related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The
script must be manually invoked.
The script uses known filenames in /tmp which allow an local attacker to
overwrite files writeable by the user invoking the conversion script.
This issue should also affect FC3
-- Additional comment from firstname.lastname@example.org on 2005-08-10 14:59 EST --
Created an attachment (id=117621)
Proposed upstream patch
-- Additional comment from email@example.com on 2005-08-10 16:25 EST --
it's now fixed in kdeedu-3.4.2-0.fc4.2 (FC4) and kdeedu-3.4.2-0.fc3.2 (FC3)
-- Additional comment from firstname.lastname@example.org on 2005-10-25 07:48 EST --
This issue currently only affects RHL7.3, RHL9, FC1, & FC2.
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.