Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201706-29 ] KAuth and KDELibs
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2226

PostPosted: Wed Jul 12, 2017 2:26 am    Post subject: [ GLSA 201706-29 ] KAuth and KDELibs Reply with quote

Gentoo Linux Security Advisory

Title: KAuth and KDELibs: Privilege escalation (GLSA 201706-29)
Severity: high
Exploitable: local
Date: 2017-06-27
Bug(s): #618108
ID: 201706-29

Synopsis

A vulnerability in KAuth and KDELibs allows local users to gain
root privileges.


Background

KAuth provides a convenient, system-integrated way to offload actions
that need to be performed as a privileged user (root, for example) to
small (hopefully secure) helper utilities.
The KDE libraries, basis of KDE and used by many open source projects.

Affected Packages

Package: kde-frameworks/kauth
Vulnerable: < 5.29.0-r1
Unaffected: >= 5.29.0-r1
Architectures: All supported architectures

Package: kde-frameworks/kdelibs
Vulnerable: < 4.14.32
Unaffected: >= 4.14.32
Architectures: All supported architectures


Description

KAuth and KDELibs contains a logic flaw in which the service invoking
D-Bus is not properly checked. This allows spoofing the identity of the
caller and with some carefully crafted calls can lead to gaining root
from an unprivileged account.


Impact

A local attacker could spoof the identity of the caller invoking D-Bus,
possibly resulting in gaining privileges.


Workaround

There is no known workaround at this time.

Resolution

All KAuth users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=kde-frameworks/kauth-5.29.0-r1"
   
All KDELibs users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=kde-frameworks/kdelibs-4.14.32"
   


References

CVE-2017-8422
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum