The DCOPServer in KDE 3.2.3 and previous versions allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
kde kde 3.2.1