CVE-2017-8422
Published 2017-05-17
CVE-2017-8422: KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Priority: P347, high, 7.8 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.80% (75.8th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kauth | < kauth 5.28.0-2 (bookworm) | kauth 5.28.0-2 (bookworm) |
| kde | kauth | <= 5.33 | — |
| kde | kauth | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kauth | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kauth | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kauth | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kdelibs | <= 4.14.31 | — |
CVSS provenance
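| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |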
Ubuntu
KDE-Libs vulnerability
vendor_ubuntu·2017-05-15
CVE-2017-8422 KDE-Libs vulnerability
Title: KDE-Libs vulnerability
Summary: KDE-Libs could be made to run programs as an administrator if it received
specially crafted input.
Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly
checked services invoking D-Bus. A local attacker could use this issue to
gain root privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
kauth: service invoking dbus is not properly checked and allows local privilege escalation
vendor_redhat·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CWE-290 kauth: service invoking dbus is not properly checked and allows local privilege escalation
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.
Package: kdelibs (Red Hat Enterprise Linux 5) - Not affected
Package: kdelibs (Red Hat Enterprise Linux 6) - Not affected
Package: kdelibs3 (Red Hat Enterprise Linux 6) - Not affected
Package: kdelibs-experimental (Red Hat Enterprise Linux 6) - Not affected
Package: kdelibs-experimental (Red Hat Enterprise Linux 7) - Not affe
Debian
CVE-2017-8422: kauth - KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root ...
vendor_debian·2017·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422: kauth - KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root ...
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Scope: local
bookworm: resolved (fixed in 5.28.0-2)
bullseye: resolved (fixed in 5.28.0-2)
forky: resolved (fixed in 5.28.0-2)
sid: resolved (fixed in 5.28.0-2)
trixie: resolved (fixed in 5.28.0-2)
GHSA
GHSA-3x3g-jj7x-gr2f: KDE kdelibs before 4
ghsa_unreviewed·2022-05-13
CVE-2017-8422 [HIGH] CWE-290 GHSA-3x3g-jj7x-gr2f: KDE kdelibs before 4
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
OSV
CVE-2017-8422: KDE kdelibs before 4
osv·2017-05-17·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422: KDE kdelibs before 4
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
No detection rules found.
Bugzilla
CVE-2017-8422 kdelibs-webkit: kauth: service invoking dbus is not properly checked and allows local privilege escalation [epel-7]
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kdelibs-webkit: kauth: service invoking dbus is not properly checked and allows local privilege escalation [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2017-8422 kdelibs3: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kdelibs3: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
Bugzilla
CVE-2017-8422 kf5-kauth: kauth: service invoking dbus is not properly checked and allows local privilege escalation [epel-7]
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kf5-kauth: kauth: service invoking dbus is not properly checked and allows local privilege escalation [epel-7]
Bugzilla
CVE-2017-8422 kdelibs: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kdelibs: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
Bugzilla
CVE-2017-8422 kf5-kauth: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kf5-kauth: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all]
Bugzilla
CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation
bugzilla·2017-05-10·CVSS 7.8
CVE-2017-8422 [HIGH] CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation
KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.
Affected versions: kauth As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the
> actual affected versions are only:
> kauth In particular, kdelibs3 is NOT affected (see also
> https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).
OK, thank you! Next time, please don't change the internal whiteboard, these changes should be made only by Product Security members.
---
This issue has been addressed in the following products:
Red Hat En
http://www.debian.org/security/2017/dsa-3849
http://www.openwall.com/lists/oss-security/2017/05/10/3
http://www.securityfocus.com/bid/98412
http://www.securitytracker.com/id/1038480
https://access.redhat.com/errata/RHSA-2017:1264
https://bugzilla.redhat.com/show_bug.cgi?id=1449647
https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab
https://security.gentoo.org/glsa/201706-29
https://www.exploit-db.com/exploits/42053/
https://www.kde.org/info/security/advisory-20170510-1.txt
Published: 2017-05-17