It was found that kdeinit5 creates /tmp/xauth-xxx-_y with inappropriate permissions: 644 instead of 600. This can be exploited by stealing the X11 cookie and running an X11 keylogger. A malicious user is able to read the keystrokes of a different user, who might be a sudo user. If an attacker can log the key events of a sudo user, this can lead to local privilege escalation.

Upstream bugs:
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140

Upstream patches:
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
Acknowledgments: Name: Stephan Mueller (Atsec)
External References: https://www.kde.org/info/security/advisory-20160621-1.txt
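
A local check for the condition described above, as an added example (not code from kinit or from the advisory): it lists xauth-* files in a directory that are readable by group or other and tightens them to 600. The function names are hypothetical, and the demo runs on constructed sample files in a scratch directory rather than on /tmp.

```shell
#!/bin/sh
# Added example: audit for X11 cookie files readable by other users.
# The xauth-* name pattern and the /tmp location come from the report;
# the function names are hypothetical.

# Print every regular file named xauth-* directly under $1 whose mode
# grants read access to group or other (e.g. 644 instead of 600).
list_exposed_xauth() {
    dir=${1:-/tmp}
    find "$dir" -maxdepth 1 -type f -name 'xauth-*' \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null | sort
}

# Tighten the listed files to owner-only (600). This only succeeds on
# files the caller owns, unless run as root.
fix_exposed_xauth() {
    dir=${1:-/tmp}
    list_exposed_xauth "$dir" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'fixed: %s\n' "$f"
    done
}

# Demo on constructed sample files in a scratch directory.
demo() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/xauth-1000-_0"; chmod 644 "$scratch/xauth-1000-_0"  # affected mode
    : > "$scratch/xauth-1001-_0"; chmod 600 "$scratch/xauth-1001-_0"  # expected mode
    echo "exposed before fix:"; list_exposed_xauth "$scratch"
    fix_exposed_xauth "$scratch"
    echo "exposed after fix: $(list_exposed_xauth "$scratch" | wc -l)"
    rm -rf "$scratch"
}

demo
```

Tightening the mode does not help if the cookie was already read while the file was 644, so a cookie found in that state should be treated as disclosed.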