[ Suresec Advisories ] - Kcheckpass file creation vulnerability

[Suresec Advisories <advisories () suresec org>]

Suresec Security Advisory  - #00006
05/09/05

Kcheckpass file creation vulnerability
Advisory: http://www.suresec.org/advisories/adv6.pdf

Description:

A lockfile handling error was found in kcheckpass which can,
in certain configurations be used to create world writable files.

Exploitation of this vulnerability may lead to elevated privileges .

The vulnerability was discovered by Ilja van Sprundel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/