CVE 2017-8422 - kauth: Local privilege escalation

Bug #1689759 reported by Rik Mills
268
This bug affects 3 people
Affects Status Importance Assigned to Milestone
kauth (Ubuntu)
Fix Released
High
Unassigned
Trusty
Invalid
Undecided
Unassigned
Xenial
Fix Released
High
Unassigned
Yakkety
Fix Released
High
Unassigned
Zesty
Fix Released
High
Unassigned
Artful
Fix Released
High
Unassigned
kde4libs (Ubuntu)
Fix Released
High
Unassigned
Trusty
Fix Released
High
Marc Deslauriers
Xenial
Fix Released
High
Unassigned
Yakkety
Fix Released
High
Unassigned
Zesty
Fix Released
High
Unassigned
Artful
Fix Released
High
Unassigned

Bug Description

KDE Project Security Advisory
=============================

Title: kauth: Local privilege escalation
Risk Rating: High
CVE: CVE-2017-8422
Versions: kauth < 5.34, kdelibs < 4.14.32
Date: 10 May 2017

Overview
========
KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.

This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

Solution
========
Update to kauth >= 5.34 and kdelibs >= 4.14.32 (when released)

Or apply the following patches:
  kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

Credits
=======
Thanks to Sebastian Krahmer from SUSE for the report and
to Albert Astals Cid from KDE for the fix.

CVE References

Revision history for this message
vishnunaini (visred) wrote :

Attached debdiff for zesty

Changed in kauth (Ubuntu):
status: New → Confirmed
Changed in kde4libs (Ubuntu):
status: New → Confirmed
Revision history for this message
vishnunaini (visred) wrote :

Attached debdiff for kde4libs in zesty

Changed in kde4libs (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Yakkety):
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Zesty):
importance: Undecided → High
status: New → Confirmed
status: Confirmed → In Progress
Changed in kauth (Ubuntu Trusty):
status: New → Invalid
Changed in kauth (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
Changed in kauth (Ubuntu Yakkety):
importance: Undecided → High
status: New → Confirmed
Changed in kauth (Ubuntu Zesty):
importance: Undecided → High
status: New → Confirmed
status: Confirmed → In Progress
Changed in kauth (Ubuntu Artful):
importance: Undecided → High
Changed in kde4libs (Ubuntu Artful):
importance: Undecided → High
Changed in kde4libs (Ubuntu Trusty):
status: Confirmed → In Progress
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs in comments #1 and #2. I have uploaded them for releasing as a security update, with a few minor changes, such as targeting the security pocket, some whitespace changes in the changelog, and adding the new patch to the end of the series file rather than at the beginning.

Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kauth - 5.31.0-0ubuntu1.1

---------------
kauth (5.31.0-0ubuntu1.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- <email address hidden> (v.naini) Wed, 10 May 2017 15:22:25 +0530

Changed in kauth (Ubuntu Zesty):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kde4libs - 4:4.14.30-0ubuntu1.1

---------------
kde4libs (4:4.14.30-0ubuntu1.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- <email address hidden> (v.naini) Wed, 10 May 2017 15:39:12 +0530

Changed in kde4libs (Ubuntu Zesty):
status: In Progress → Fix Released
Rik Mills (rikmills)
Changed in kde4libs (Ubuntu Artful):
status: Confirmed → Fix Committed
status: Fix Committed → Confirmed
Changed in kauth (Ubuntu Artful):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kauth - 5.33.0-0ubuntu2

---------------
kauth (5.33.0-0ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Fri, 12 May 2017 21:59:37 +0100

Changed in kauth (Ubuntu Artful):
status: Fix Committed → Fix Released
Rik Mills (rikmills)
Changed in kde4libs (Ubuntu Artful):
status: Confirmed → Fix Committed
Rik Mills (rikmills)
Changed in kde4libs (Ubuntu Xenial):
status: Confirmed → In Progress
Revision history for this message
Rik Mills (rikmills) wrote :

kde4libs debdiff for xenial

Revision history for this message
Rik Mills (rikmills) wrote :

kde4libs debdiff for yakkety

Rik Mills (rikmills)
Changed in kde4libs (Ubuntu Yakkety):
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kde4libs - 4:4.14.30-0ubuntu2

---------------
kde4libs (4:4.14.30-0ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Sat, 13 May 2017 08:57:53 +0100

Changed in kde4libs (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs in comments #7 and #8. I've uploaded them for building and will release them today. Thanks!

Changed in kde4libs (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in kde4libs (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Jose Manuel Santamaria Lema (panfaust) wrote :
Changed in kauth (Ubuntu Xenial):
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kde4libs - 4:4.14.16-0ubuntu3.2

---------------
kde4libs (4:4.14.16-0ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Sat, 13 May 2017 09:37:09 +0100

Changed in kde4libs (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kde4libs - 4:4.14.22-0ubuntu2.2

---------------
kde4libs (4:4.14.22-0ubuntu2.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Sat, 13 May 2017 10:01:19 +0100

Changed in kde4libs (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Changed in kde4libs (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Jose Manuel Santamaria Lema (panfaust) wrote :
Changed in kauth (Ubuntu Yakkety):
status: Confirmed → In Progress
Revision history for this message
Steve Beattie (sbeattie) wrote :

Jose,

I've taken the debdiff from there, adjusted the version and reordered the series file, and will be publishing the update in a moment. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kauth - 5.26.0-0ubuntu2.1

---------------
kauth (5.26.0-0ubuntu2.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- José Manuel Santamaría Lema <email address hidden> Mon, 15 May 2017 15:49:46 +0200

Changed in kauth (Ubuntu Yakkety):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kauth - 5.18.0-0ubuntu2

---------------
kauth (5.18.0-0ubuntu2) xenial-security; urgency=medium

  [ José Manuel Santamaría Lema ]
  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
   - debian/patches/local-privilege-esc-CVE-2017-8422.patch
   - Thanks to Sebastian Krahmer for reporting this issue,
     Albert Astals Cid for fixing this issue.
   - CVE-2017-8422

  [ Philip Muškovac ]
  * Update the Vcs URLs now that the repositories are hosted on
    Launchpad

 -- José Manuel Santamaría Lema <email address hidden> Tue, 16 May 2017 10:20:58 -0700

Changed in kauth (Ubuntu Xenial):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.