CVE-2017-8422 - log back

CVE-2017-8422 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ KAuth <= 5.33.0 contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.
References
+ https://www.kde.org/info/security/advisory-20170510-1.txt
+ http://seclists.org/oss-sec/2017/q2/240
+ https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
+ https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab
Notes