FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

KWallet-PAM -- Access to privileged files

Affected packages
plasma5-kwallet-pam < 5.12.5_1

Details

VuXML ID 83a548b5-4fa5-11e8-9a8e-001e2a3f778d
Discovery 2018-05-04
Entry 2018-05-04

The KDE Community reports:

kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system.

References

URL https://www.kde.org/info/security/advisory-20180503-1.txt