A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code . By default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated packages have been patched to correct this issue.