On Friday 14 December 2001 01:14, wang yuan wrote:
> hi, all!
> i'm sorry if this bug has been reported.
> klprfax_filter (kdeutils-2.2-2), is an application to make
> a printer that acts as a fax.
> when using klprfax_filter, it would create a temp
> file, /tmp/klprfax.filter, but the temporary file was not
> created safely, this vulnerability could be exploited to
> overwrite arbitrary files!
> just tested on redhat 7.1.

This was announced by the KDE team on Nov 9. The solution is to remove the suid bit from efax. It seems to only need it for accessing the lock files and the modem.

--
George Staikos
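The temp-file problem reported in this thread, shown as an added example that is not part of the original messages and is not KDE or efax code: a fixed name opened with truncation follows a symlink that is already in place, while `O_EXCL | O_NOFOLLOW` or `mkstemp()` does not. The function names and the scenario are hypothetical; the symlink is constructed inside a private `mkdtemp()` directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: fixed, predictable name; an existing symlink is followed and its target truncated. */
int open_fixed_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: fail if the name exists at all; never follow a symlink. */
int open_fixed_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
/* Preferred: mkstemp() picks an unpredictable name and opens it with O_EXCL. */
int open_unique(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario in a private mkdtemp() directory: "victim" holds 10
 * bytes and the predictable name is already a symlink to it. Returns the
 * victim's size after opener() ran (-1 on setup error); *err gets open's errno. */
long victim_size_after(int (*opener)(const char *), int *err) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], link[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/klprfax.filter", dir);
    FILE *f = fopen(victim, "w");
    if (!f) { rmdir(dir); return -1; }
    fputs("important\n", f);
    if (fclose(f) == 0 && symlink(victim, link) == 0) {
        int fd = opener(link);
        *err = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(link); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e = 0;
    printf("excl:   victim=%ld bytes\n", victim_size_after(open_fixed_excl, &e));
    printf("unsafe: victim=%ld bytes\n", victim_size_after(open_fixed_unsafe, &e));
    char t[] = "/tmp/klprfax.XXXXXX"; int fd = open_unique(t);
    if (fd >= 0) { printf("unique: %s\n", t); close(fd); unlink(t); }
    return 0;
}
```

The exclusive open leaves the linked file untouched and reports an error the caller can act on; removing the suid bit, as the reply describes, limits what a followed symlink can reach but does not change how the file is opened.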