PT-2017-18329 · Kde+5 · Kauth+6

Publicado

2017-04-19

Atualizado

2019-10-03

CVE-2017-8422

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KDE kdelibs versions prior to 4.14.32 KAuth versions prior to 5.34

Description The issue allows local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. This can be exploited by local users to elevate their privileges.

Recommendations For KDE kdelibs versions prior to 4.14.32, update to version 4.14.32 or later. For KAuth versions prior to 5.34, update to version 5.34 or later. As a temporary workaround, consider restricting access to privileged helper apps until a patch is available.

Exploit

Correção

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

ALT-PU-2017-1491

CESA-2017_1264

CVE-2017-8422

DLA-952-1

DSA-3849-1

MGASA-2017-0274

OPENSUSE-SU-2017:1254-1

OPENSUSE-SU-2017:1272-1

OPENSUSE-SU-2017_1272-1

OPENSUSE-SU-2024:10887-1

RHSA-2017:1264

RHSA-2017_1264

SUSE-SU-2017:1335-1

SUSE-SU-2017_1335-1

USN-3286-1

Produtos afetados

Alt Linux

Centos

Kauth

Kde Kdelibs

Red Hat

Suse

Ubuntu

PT-2017-18329 · Kde+5 · Kauth+6

CVE-2017-8422

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52