All the vulnerabilities related to kde - kauth
cve-2014-5033
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/60385 | third-party-advisory, x_refsource_SECUNIA | |
http://rhn.redhat.com/errata/RHSA-2014-1359.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2014/dsa-3004 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2304-1 | vendor-advisory, x_refsource_UBUNTU | |
http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a | x_refsource_CONFIRM | |
http://www.kde.org/info/security/advisory-20140730-1.txt | x_refsource_CONFIRM | |
http://secunia.com/advisories/60654 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/60633 | third-party-advisory, x_refsource_SECUNIA | |
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:37.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60633" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not 
properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-14T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "60385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60633" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5033", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60385", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "name": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a", "refsource": "CONFIRM", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "name": "http://www.kde.org/info/security/advisory-20140730-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60633" }, { "name": 
"http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23", "refsource": "CONFIRM", "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5033", "datePublished": "2014-08-19T18:00:00", "dateReserved": "2014-07-22T00:00:00", "dateUpdated": "2024-08-06T11:34:37.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7443
Vulnerability from cvelistv5
Published
2019-05-07 18:41
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:46:46.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-07T18:41:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/" }, { "name": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a", "refsource": "MISC", "url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1124863", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7443", "datePublished": "2019-05-07T18:41:37", "dateReserved": "2019-02-05T00:00:00", "dateUpdated": "2024-08-04T20:46:46.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8422
Vulnerability from cvelistv5
Published
2017-05-17 14:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1038480 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/42053/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.kde.org/info/security/advisory-20170510-1.txt | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1449647 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98412 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201706-29 | vendor-advisory, x_refsource_GENTOO | |
https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3849 | vendor-advisory, x_refsource_DEBIAN | |
https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2017/05/10/3 | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2017:1264 | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038480", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42053/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201706-29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "name": "RHSA-2017:1264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-10T00:00:00", "descriptions": 
[ { "lang": "en", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1038480", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42053/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201706-29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "name": "RHSA-2017:1264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8422", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1038480", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42053/" }, { "name": "https://www.kde.org/info/security/advisory-20170510-1.txt", "refsource": "CONFIRM", "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-29" }, { "name": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab", "refsource": "CONFIRM", "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "name": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a", "refsource": "CONFIRM", "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, 
{ "name": "RHSA-2017:1264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8422", "datePublished": "2017-05-17T14:00:00", "dateReserved": "2017-05-02T00:00:00", "dateUpdated": "2024-08-05T16:34:22.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-08-19 18:55
Modified
2024-11-21 02:11
Severity ?
Summary
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | kde4libs | - | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
kde | kauth | * | |
kde | kdelibs | * | |
kde | kdelibs | 4.10.0 | |
kde | kdelibs | 4.10.1 | |
kde | kdelibs | 4.10.2 | |
kde | kdelibs | 4.10.3 | |
kde | kdelibs | 4.10.95 | |
kde | kdelibs | 4.10.97 | |
kde | kdelibs | 4.11.0 | |
kde | kdelibs | 4.11.1 | |
kde | kdelibs | 4.11.2 | |
kde | kdelibs | 4.11.3 | |
kde | kdelibs | 4.11.4 | |
kde | kdelibs | 4.11.5 | |
kde | kdelibs | 4.11.80 | |
kde | kdelibs | 4.11.90 | |
kde | kdelibs | 4.11.95 | |
kde | kdelibs | 4.11.97 | |
kde | kdelibs | 4.12.0 | |
kde | kdelibs | 4.12.1 | |
kde | kdelibs | 4.12.2 | |
kde | kdelibs | 4.12.3 | |
kde | kdelibs | 4.12.4 | |
kde | kdelibs | 4.12.5 | |
kde | kdelibs | 4.12.80 | |
kde | kdelibs | 4.12.90 | |
kde | kdelibs | 4.12.95 | |
kde | kdelibs | 4.12.97 | |
kde | kdelibs | 4.13.0 | |
kde | kdelibs | 4.13.1 | |
kde | kdelibs | 4.13.2 | |
kde | kdelibs | 4.13.3 | |
kde | kdelibs | 4.13.80 | |
kde | kdelibs | 4.13.90 | |
kde | kdelibs | 4.13.95 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69F6CA3-205F-4A3B-B1EE-87A93D87CE81", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8DE7A5C-2C0F-4DD1-90E2-26891DC79575", "versionEndIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "DED2728D-6EC3-4641-9972-F43AB4D1BB72", "versionEndIncluding": "4.13.97", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A1BF2C7-0945-4325-9514-F2F37E8CE43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2C7808F-2203-43DF-808C-7A0B85367293", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "61937C14-55DF-4E30-947D-21EC3F418E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD7ECC09-0985-44AA-909E-86981CC13A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*", "matchCriteriaId": "3A7D10AF-E305-41F4-9154-7071E684C6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "matchCriteriaId": "B34C3204-4A63-4490-ABED-AF83CE3F37E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39EAE85E-BF52-45EA-82D8-BBBC0DE9759C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"4B4D1998-D62F-4D0E-8E6C-33D4760BE69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "13CD2D8F-32F6-4AC4-B43C-506724EA6E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "4733C600-C5D6-4A5D-A1DF-1F41597F6926", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7EBD3A-EDFC-4B8F-9095-5E0670AF991E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "55EC512F-3F86-40DA-AA7B-034DA9B5DBA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*", "matchCriteriaId": "08FF236F-A7D5-4D08-8885-BD1889B0D398", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "matchCriteriaId": "5F5EDED4-34A3-4D2B-A9E7-D980D78E10EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "matchCriteriaId": "46457BB9-BD24-4437-AFDA-01D25E52410E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "matchCriteriaId": "52A2D11C-26D2-47F1-9D34-60DB3116C39E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A58204C3-0DEC-462B-A6B8-5EC1D9B65729", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C767A89D-BA45-4730-BA2D-AAC2BA7436E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FC4CC-DC0C-44D8-AAF6-A15CF7E6BD5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "24629660-4066-4362-AD77-080604488303", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "718095EE-ADEC-4E28-B678-DA3D636BBE32", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"EA3E3729-298F-43C3-9BE0-82072FE47F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "matchCriteriaId": "B6FC3277-8410-437F-813A-63254E983A5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "matchCriteriaId": "88E2B874-46DF-4A95-9541-14CF70E2A73D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "matchCriteriaId": "1A593BA6-D3B2-48EE-AC9E-B84967D03B37", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "matchCriteriaId": "14034B30-9DE0-43EE-A79D-D4FC624D6C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A34BC1E-102D-43EF-A7BD-46E9866B07ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E66075-D997-4C6D-94AA-DE224B12BB2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DCF182-2AD8-4267-B425-1B0A7D2BC0EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "F572E904-3EE4-4B01-AA7B-EF5F7F643E37", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*", "matchCriteriaId": "033ED945-4E0E-41AA-8B02-3BDCC0F27159", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*", "matchCriteriaId": "C46B58D8-67F7-4920-8512-CB07C7446976", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*", "matchCriteriaId": "E58C522E-8824-49B7-AAA9-6545E6DD5551", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) 
pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" }, { "lang": "es", "value": "KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicaci\u00f3n con una autoridad polkit, lo que permite a usuarios locales evadir las restricciones de acceso mediante el aprovechamiento de una condici\u00f3n de carrera PolkitUnixProcess PolkitSubject a trav\u00e9s de un proceso (1) setuid o (2) pkexec, relacionado con el CVE-2013-4288 y \u0027condiciones de carrera de reuso PID.\u0027" } ], "id": "CVE-2014-5033", "lastModified": "2024-11-21T02:11:19.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-19T18:55:03.233", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "source": "cve@mitre.org", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60385" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60633" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60654" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2304-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-7443
Vulnerability from fkie_nvd
Published
2019-05-07 19:29
Modified
2024-11-21 04:48
Summary
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | kauth | * | |
opensuse | leap | 15.0 | |
opensuse | leap | 42.3 | |
opensuse | backports | - | |
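suse | linux_enterprise | 15.0 | listed with "vulnerable": false in the CPE configuration below, where it is AND-combined with opensuse backports |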
fedoraproject | fedora | 28 | |
fedoraproject | fedora | 29 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E3326D4-ECA4-46F5-9B03-896847B33BB1", "versionEndExcluding": "5.55.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports:-:*:*:*:*:*:*:*", "matchCriteriaId": "D47B6AC2-F30A-4AE8-8E5A-AD31E922D51D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "1607628F-77A7-4C1F-98DF-0DC50AE8627D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability." 
}, { "lang": "es", "value": "KDE KAuth, versiones anteriores 5.55, permite el paso de par\u00e1metros con tipos arbitrarios a ayudantes que se ejecutan como root sobre DBus a trav\u00e9s de DBusHelperProxy.cpp. Ciertos tipos pueden causar ca\u00eddas y desencadenar la decodificaci\u00f3n de im\u00e1genes arbitrarias con plugins cargados din\u00e1micamente. En otras palabras, KAuth involuntariamente hace que este c\u00f3digo del plugin se ejecute como root, lo que aumenta la severidad de cualquier posible explotaci\u00f3n de una vulnerabilidad del plugin." } ], "id": "CVE-2019-7443", "lastModified": "2024-11-21T04:48:14.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-07T19:29:01.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party 
Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2017-8422
Vulnerability from fkie_nvd
Published
2017-05-17 14:29
Modified
2024-11-21 03:34
Summary
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "613FFB8B-CF03-4E1C-9D6D-C186A19B9F60", "versionEndIncluding": "5.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C24977-D991-43E7-AF7E-BA489EC00903", "versionEndIncluding": "4.14.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." }, { "lang": "es", "value": "KDelibs de KDE antes de 4.14.32 y KAuth antes de 5.34 permiten que los usuarios locales obtengan privilegios de root por spoofing de un callerID y aprovechando una aplicaci\u00f3n de ayuda privilegiada." } ], "id": "CVE-2017-8422", "lastModified": "2024-11-21T03:34:00.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2017-05-17T14:29:00.387", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98412" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038480" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1264" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-29" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42053/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1264" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42053/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-290" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }