CVE-2017-8422

Опубликовано: 10 мая 2017

Источник: redhat

CVSS3: 7.8

Описание

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kdelibs	Not affected
Red Hat Enterprise Linux 6	kdelibs	Not affected
Red Hat Enterprise Linux 6	kdelibs3	Not affected
Red Hat Enterprise Linux 6	kdelibs-experimental	Not affected
Red Hat Enterprise Linux 7	kdelibs-experimental	Not affected
Red Hat Enterprise Linux 7	kdelibs	Fixed	RHSA-2017:1264	22.05.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-290

https://bugzilla.redhat.com/show_bug.cgi?id=1449647kauth: service invoking dbus is not properly checked and allows local privilege escalation

7.8 High

CVSS3

Связанные уязвимости

CVE-2017-8422

CVSS3: 7.8

ubuntu

больше 8 лет назад

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

CVE-2017-8422

CVSS3: 7.8

nvd

больше 8 лет назад

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

CVE-2017-8422

CVSS3: 7.8

debian

больше 8 лет назад

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to ...

SUSE-SU-2017:1335-1

suse-cvrf

больше 8 лет назад

Security update for kdelibs4

GHSA-3x3g-jj7x-gr2f

CVSS3: 7.8

github

больше 3 лет назад

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

7.8 High

CVSS3