Mandrake Linux Security Advisory : kdeedu (MDKSA-2005:159)
Medium Nessus Plugin ID 19914
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionBen Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña.
The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user (manually) invoking the conversion script.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected packages.