FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kauth: Local privilege escalation

Affected packages
kdelibs < 4.14.30_4
kf5-kauth < 5.33.0_1

Details

VuXML ID 0baee383-356c-11e7-b9a9-50e549ebab6c
Discovery 2017-05-10
Entry 2017-05-10

Albert Astals Cid reports:

KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

References

CVE Name CVE-2017-8422
Message http://www.openwall.com/lists/oss-security/2017/05/10/3
URL https://www.kde.org/info/security/advisory-20170510-1.txt