Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-36041

Опубликовано: 05 июл. 2024
Источник: debian
EPSS Низкий

Описание

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
plasma-workspacefixed4:5.27.11.1-1package

Примечания

  • https://kde.org/info/security/advisory-20240531-1.txt

  • Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f

  • Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/1d5aa1d27bff87b2d242ed759cfb2ce15a5c3de7

  • The second commit is not needed due to plasma-workspace depending on x11-xserver-utils.

EPSS

Процентиль: 27%
0.00096
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-36041

CVSS3: 7.8
ubuntu
больше 1 года назад

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

nvd логотип

CVE-2024-36041

CVSS3: 7.8
nvd
больше 1 года назад

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

suse-cvrf логотип

openSUSE-SU-2024:0161-1

suse-cvrf
больше 1 года назад

Security update for plasma5-workspace

github логотип

GHSA-7xfq-9m67-9j5j

CVSS3: 7.8
github
больше 1 года назад

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

fstec логотип

BDU:2025-00953

CVSS3: 7.8
fstec
почти 2 года назад

Уязвимость графической среды рабочего стола Plasma Workspace, связанная с неверным сроком действия сеанса, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.00096
Низкий