Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-7443

Опубликовано: 07 мая 2019
Источник: debian

Описание

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
kauthfixed5.54.0-2package
kauthfixed5.28.0-2+deb9u1stretchpackage
kde4libsremovedpackage
kde4libsignoredbusterpackage
kde4libsignoredstretchpackage
kde4libsno-dsajessiepackage

Примечания

  • https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html

  • https://github.com/KDE/kauth/commit/fc70fb0161c1b9144d26389434d34dd135cd3f4a

Связанные уязвимости

ubuntu логотип

CVE-2019-7443

CVSS3: 8.1
ubuntu
больше 6 лет назад

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

nvd логотип

CVE-2019-7443

CVSS3: 8.1
nvd
больше 6 лет назад

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

suse-cvrf логотип

openSUSE-SU-2019:0242-1

suse-cvrf
почти 7 лет назад

Security update for kauth

github логотип

GHSA-wmpm-pm59-7mfw

CVSS3: 8.1
github
больше 3 лет назад

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.