Qt on Knoppix Linux /tmp/.qt/ Symlink Arbitrary File Overwrite
Local Access Required
Denial of Service,
Loss of Integrity
Knoppix contains a flaw that allows a local attacker to overwrite arbitrary files and possibly gain root privileges. The issue is due to the Qt library creating temporary files with static names that are vulnerable to standard symlink attack. If an attacker creates a symlink before a system reboot, they may overwrite arbitrary files. Under the right circumstances, an attacker could also use this to gain root privileges.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.