NuytsTech Security

CVE-2016-3100

by ·

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

Date published : 2016-07-13

http://www.securityfocus.com/bid/91769

http://www.kde.com/announcements/kde-frameworks-5.23.0.php

Tags: