misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.Referenceshttp://www.osvdb.org/2742https://exchange.xforce.ibmcloud.com/vulnerabilities/13540http://www.securityfocus.com/bid/8915http://www.securityfocus.com/archive/1/342736http://secunia.com/advisories/10105
