January 30, 2001

SuSE advisory: kdesu

Author: JT Smith

When kdesu, a KDE frontend for su is invoked, it prompts the user for the root password and runs su. However, when the password is stored by selecting the 'keep password' option in the program, it doesn't make an attempt to verify certain items, which could allow an attacker to gain the root password. Complete details and security patches can be found at LWN.net.


  • Linux
Click Here!