Mandrake Linux Security Advisory : kdebase (MDKSA-2005:160)
Severity: High
Nessus Plugin ID: 19915
Synopsis: The remote Mandrake Linux host is missing one or more security updates.
Description: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access.
In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass.
The updated packages have been patched to correct this problem.
Solution: Update the affected packages.
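
The description ties the issue to a configuration precondition: /var/lock writable by a user who may invoke kcheckpass. The script below is an added example, not part of the advisory or the plugin, that audits that precondition on a host. The function names and the kcheckpass path argument are hypothetical, and it assumes kcheckpass is installed set-id, which the advisory does not state.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the precondition it names,
# a lock directory writable by users who can run a set-id kcheckpass.

# Print how widely DIR is writable: missing | world-writable | group-writable | restricted
lock_dir_exposure() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 0; }
    # -H follows a symlinked DIR (e.g. /var/lock -> /run/lock); -prune stops descent.
    if [ -n "$(find -H "$dir" -prune -perm -0002)" ]; then
        echo "world-writable"
    elif [ -n "$(find -H "$dir" -prune -perm -0020)" ]; then
        echo "group-writable"
    else
        echo "restricted"
    fi
}

# Succeed if FILE is a regular file with the setuid or setgid bit set.
is_setid() {
    [ -n "$(find -H "$1" -prune -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null)" ]
}

# Report on one lock directory and one kcheckpass path (the path is an
# assumption; pass the location your packages actually install it to).
audit_kcheckpass() {
    lockdir=$1
    binary=$2
    exposure=$(lock_dir_exposure "$lockdir")
    echo "$lockdir: $exposure"
    if [ "$exposure" = "group-writable" ]; then ls -ld "$lockdir"; fi  # shows the owning group
    if is_setid "$binary"; then
        echo "$binary: set-id"
        case $exposure in
            world-writable|group-writable)
                echo "RESULT: precondition present, apply the updated kdebase packages"
                return 1 ;;
        esac
    else
        echo "$binary: not set-id or not found"
    fi
    echo "RESULT: precondition not present"
}

# Usage: sh audit.sh /var/lock /path/to/kcheckpass
if [ "$#" -eq 2 ]; then audit_kcheckpass "$1" "$2"; fi
```

A "group-writable" result still needs a look at which accounts are in the owning group, since the advisory's condition is about who can write to the directory.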