https://www.exploit-db.com/exploits/19915
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-059

TheKDEkscd程序在执行指定用户SHELL环境变量的程序时没有降低权限，存在漏洞，用户可以通过执行指定交替程序获取特权。

source: http://www.securityfocus.com/bid/1206/info

Some linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turns allows an attacker to create a root shell, thus compromising the intergrity of the machine. 

Red Hat, Linux Mandrake, and Turbo Linux do not currently ship with kscd setgid 'disk'.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19915.tgz

来源:BID
名称:1206
链接:http://www.securityfocus.com/bid/1206
来源:SUSE
名称:20000529kmulti<=1.1.2
链接:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
来源:BUGTRAQ
名称:20000516kscdvulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html