PT-2017-18329 · Kde+5 · Kauth+6

Published

2017-04-19

Updated

2019-10-03

CVE-2017-8422

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KDE kdelibs versions prior to 4.14.32 KAuth versions prior to 5.34

Description The issue allows local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. This can be exploited by local users to elevate their privileges.

Recommendations For KDE kdelibs versions prior to 4.14.32, update to version 4.14.32 or later. For KAuth versions prior to 5.34, update to version 5.34 or later. As a temporary workaround, consider restricting access to privileged helper apps until a patch is available.

Exploit

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

ALT-PU-2017-1491

CESA-2017_1264

CVE-2017-8422

DLA-952-1

DSA-3849-1

MGASA-2017-0274

OPENSUSE-SU-2017:1254-1

OPENSUSE-SU-2017:1272-1

OPENSUSE-SU-2017_1272-1

OPENSUSE-SU-2024:10887-1

RHSA-2017:1264

RHSA-2017_1264

SUSE-SU-2017:1335-1

SUSE-SU-2017_1335-1

USN-3286-1

Affected Products

Alt Linux

Centos

Kauth

Kde Kdelibs

Red Hat

Suse

Ubuntu

PT-2017-18329 · Kde+5 · Kauth+6

CVE-2017-8422

Weakness Enumeration

Related Identifiers

Affected Products

References · 52