CVE 2017-8422 - kauth: Local privilege escalation
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
kauth (Ubuntu) | Fix Released | High | Unassigned | |
Trusty | Invalid | Undecided | Unassigned | |
Xenial | Fix Released | High | Unassigned | |
Yakkety | Fix Released | High | Unassigned | |
Zesty | Fix Released | High | Unassigned | |
Artful | Fix Released | High | Unassigned | |
kde4libs (Ubuntu) | Fix Released | High | Unassigned | |
Trusty | Fix Released | High | Marc Deslauriers | |
Xenial | Fix Released | High | Unassigned | |
Yakkety | Fix Released | High | Unassigned | |
Zesty | Fix Released | High | Unassigned | |
Artful | Fix Released | High | Unassigned | |

Bug Description

KDE Project Security Advisory
=======

Title: kauth: Local privilege escalation
Risk Rating: High
CVE: CVE-2017-8422
Versions: kauth < 5.34, kdelibs < 4.14.32
Date: 10 May 2017

Overview
========
KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.
This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

Solution
========
Update to kauth >= 5.34 and kdelibs >= 4.14.32 (when released)
Or apply the following patches:
kauth: https:/
kdelibs: https:/

Credits
=======
Thanks to Sebastian Krahmer from SUSE for the report and
to Albert Astals Cid from KDE for the fix.

Changed in kde4libs (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Yakkety):
importance: Undecided → High
status: New → Confirmed
Changed in kde4libs (Ubuntu Zesty):
importance: Undecided → High
status: New → Confirmed
status: Confirmed → In Progress
Changed in kauth (Ubuntu Trusty):
status: New → Invalid
Changed in kauth (Ubuntu Xenial):
importance: Undecided → High
status: New → Confirmed
Changed in kauth (Ubuntu Yakkety):
importance: Undecided → High
status: New → Confirmed
Changed in kauth (Ubuntu Zesty):
importance: Undecided → High
status: New → Confirmed
status: Confirmed → In Progress
Changed in kauth (Ubuntu Artful):
importance: Undecided → High
Changed in kde4libs (Ubuntu Artful):
importance: Undecided → High
Changed in kde4libs (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in kde4libs (Ubuntu Artful):
status: Confirmed → Fix Committed
status: Fix Committed → Confirmed
Changed in kauth (Ubuntu Artful):
status: Confirmed → Fix Committed
Changed in kde4libs (Ubuntu Artful):
status: Confirmed → Fix Committed
Changed in kde4libs (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in kde4libs (Ubuntu Yakkety):
status: Confirmed → In Progress
Changed in kde4libs (Ubuntu Trusty):
status: In Progress → Fix Released

Attached debdiff for zesty