Overview
KDE's kfm creates and uses temporary cache directories insecurely.
Description
kfm, the KDE File Manager, creates a cache directory for each user. This directory is placed in /tmp and predictably named, based on the UID. These directories are created without checking for correct ownership or prior existence. Following creation, it will write files to these directories. |
Impact
By creating directories, an attacker may be able to cause kfm to hang or crash. By a symlink attack, an attacker may be able to cause corruption of other files modifiable by the user of kfm. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. |
As root, create appropriately named cache directories in /tmp and chown them to the appropriate user. This will not be a robust fix. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Paul Starzetz initially reported this vulnerability.
This document was last modified by Tim Shimeall.
Other Information
| CVE IDs: | CVE-2001-0610 |
| Severity Metric: | 2.03 |
| Date Public: | 2001-05-02 |
| Date First Published: | 2001-05-30 |
| Date Last Updated: | 2001-05-30 14:37 UTC |
| Document Revision: | 7 |