KDE before 3.3.0 does not properly handle when certain symbolic links point to stale locations, which could allow local users to create or truncate arbitrary files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kde | Kde | * | 3.3 (excluding) |
Red Hat Enterprise Linux 3 | RedHat | kdebase-6:3.1.3-5.4 | * |
Red Hat Enterprise Linux 3 | RedHat | kdelibs-6:3.1.3-6.6 | * |