kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Linux |
Conectiva |
6.0 |
6.0 |
References