Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1449647 - (CVE-2017-8422) CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation
CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20170510,repo...
: Reopened, Security
Depends On: 1449648 1449649 1449650 1449651 1449652 1452035 1452068
Blocks: 1449672
  Show dependency treegraph
 
Reported: 2017-05-10 08:12 EDT by Adam Mariš
Modified: 2018-03-29 18:03 EDT (History)
8 users (show)

See Also:
Fixed In Version: kdelibs 4.14.32, kauth 5.34
Doc Type: If docs needed, set a value
Doc Text:
A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-18 04:21:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1264 normal SHIPPED_LIVE Important: kdelibs security update 2017-05-22 08:40:35 EDT

  None (edit)
Description Adam Mariš 2017-05-10 08:12:45 EDT 
KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

Affected versions: kauth < 5.34, kdelibs < 4.14.32

Upstream patches:

kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

External References:

https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240
Comment 1 Adam Mariš 2017-05-10 08:13:23 EDT 
Created kdelibs tracking bugs for this issue:

Affects: fedora-all [bug 1449649]


Created kdelibs-webkit tracking bugs for this issue:

Affects: epel-7 [bug 1449651]


Created kdelibs3 tracking bugs for this issue:

Affects: fedora-all [bug 1449650]


Created kf5-kauth tracking bugs for this issue:

Affects: epel-7 [bug 1449648]
Affects: fedora-all [bug 1449652]
Comment 2 Adam Mariš 2017-05-10 08:19:00 EDT 
Acknowledgments:

Name: Sebastian Krahmer (SUSE)
Comment 3 Kevin Kofler 2017-05-15 18:12:14 EDT 
As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the actual affected versions are only:
kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
In particular, kdelibs3 is NOT affected (see also https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).
Comment 4 Adam Mariš 2017-05-16 02:58:36 EDT 
(In reply to Kevin Kofler from comment #3)
> As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the
> actual affected versions are only:
> kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
> In particular, kdelibs3 is NOT affected (see also
> https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).

OK, thank you! Next time, please don't change the internal whiteboard, these changes should be made only by Product Security members.
Comment 9 errata-xmlrpc 2017-05-22 04:41:02 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1264 https://access.redhat.com/errata/RHSA-2017:1264
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.