KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.