CVE-2017-8422

Source
Severity High
Remote No
Type Privilege escalation
Description
KAuth <= 5.33.0 contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.
Group Package Affected Fixed Severity Status Ticket
AVG-270 kdelibs 4.14.31-1 4.14.32-1 High Fixed
AVG-269 kauth 5.33.0-1 5.33.0-2 High Fixed
Date Advisory Group Package Severity Description
10 May 2017 ASA-201705-13 AVG-270 kdelibs High privilege escalation
10 May 2017 ASA-201705-12 AVG-269 kauth High privilege escalation
References
https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240
https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab