{"vuid":"VU#700216","idnumber":"700216","name":"KDE KFM creates temporary files insecurely","keywords":["KDE","KFM","KDE File Manager","temp","tmp","symlink","symbolic link","race"],"overview":"KDE's kfm creates and uses temporary cache directories insecurely.","clean_desc":"kfm, the KDE File Manager, creates a cache directory for each user. This directory is placed in /tmp and predictably named, based on the UID. These directories are created without checking for correct ownership or prior existence. Following creation, it will write files to these directories.","impact":"By creating directories, an attacker may be able to cause kfm to hang or crash. By a symlink attack, an attacker may be able to cause corruption of other files modifiable by the user of kfm.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"As root, create appropriately named cache directories in /tmp and chown them to the appropriate user. This will not be a robust fix.","sysaffected":"","thanks":"Paul Starzetz initially reported this vulnerability.","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/2629"],"cveids":["CVE-2001-0610"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-05-02T23:43:09Z","publicdate":"2001-05-02T00:00:00Z","datefirstpublished":"2001-05-30T14:37:56Z","dateupdated":"2001-05-30T14:37:56Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"4","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.025","cam_scorecurrentwidelyknown":"2.5875","cam_scorecurrentwidelyknownexploited":"4.8375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.025,"vulnote":null}