The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kbd | Kbd-project | 0.99 | 0.99 |
| Kbd | Kbd-project | 1.01 | 1.01 |
| Kbd | Kbd-project | 1.03 | 1.03 |
| Kbd | Kbd-project | 1.04 | 1.04 |
| Kbd | Kbd-project | 1.05 | 1.05 |
| Kbd | Kbd-project | 1.06 | 1.06 |
| Kbd | Kbd-project | 1.08 | 1.08 |
| Kbd | Kbd-project | 1.10 | 1.10 |
| Kbd | Kbd-project | 1.11 | 1.11 |
| Kbd | Kbd-project | 1.12 | 1.12 |
| Kbd | Kbd-project | 1.13 | 1.13 |
| Kbd | Kbd-project | 1.14 | 1.14 |
| Kbd | Kbd-project | * | 1.14.1 |
| Opensuse | Opensuse | 11.2 | 11.2 |
| Opensuse | Opensuse | 11.3 | 11.3 |
| Kbd | Ubuntu | hardy | * |