FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plasma[56]-plasma-workspace -- Unauthorized users can access session manager

Affected packages
plasma5-plasma-workspace < 5.27.11.1
plasma6-plasma-workspace < 6.0.4_2

Details

VuXML ID: 479df73e-2838-11ef-9cab-4ccc6adda413
Discovery: 2024-05-31
Entry: 2024-06-11

David Edmundson reports:

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager.

A well-crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.

References

CVE Name: CVE-2024-36041
URL: https://kde.org/info/security/advisory-20240531-1.txt