CVE-2001-0610 - kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink

CVE-2001-0610

Summary

kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

References

Vulnerable Configurations

cpe:2.3:o:kde:kde:1.x:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:1.x:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20010418 Insecure directory handling in KFM file manager
xf	kfm-tmpfile-symlink(6428)

Last major update

19-12-2017 - 02:29

Published

02-08-2001 - 04:00

Last modified

19-12-2017 - 02:29