Bug 1449647 (CVE-2017-8422) - CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation
Summary: CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-8422
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20170510,repo...
Depends On: 1449648 1449649 1449650 1449651 1449652 1452035 1452068
Blocks: 1449672
TreeView+ depends on / blocked
 
Reported: 2017-05-10 12:12 UTC by Adam Mariš
Modified: 2019-06-11 11:13 UTC (History)
8 users (show)

Fixed In Version: kdelibs 4.14.32, kauth 5.34
Doc Type: If docs needed, set a value
Doc Text:
A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:12:22 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1264 normal SHIPPED_LIVE Important: kdelibs security update 2017-05-22 12:40:35 UTC

Description Adam Mariš 2017-05-10 12:12:45 UTC
KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

Affected versions: kauth < 5.34, kdelibs < 4.14.32

Upstream patches:

kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

External References:

https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240

Comment 1 Adam Mariš 2017-05-10 12:13:23 UTC
Created kdelibs tracking bugs for this issue:

Affects: fedora-all [bug 1449649]


Created kdelibs-webkit tracking bugs for this issue:

Affects: epel-7 [bug 1449651]


Created kdelibs3 tracking bugs for this issue:

Affects: fedora-all [bug 1449650]


Created kf5-kauth tracking bugs for this issue:

Affects: epel-7 [bug 1449648]
Affects: fedora-all [bug 1449652]

Comment 2 Adam Mariš 2017-05-10 12:19:00 UTC
Acknowledgments:

Name: Sebastian Krahmer (SUSE)

Comment 3 Kevin Kofler 2017-05-15 22:12:14 UTC
As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the actual affected versions are only:
kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
In particular, kdelibs3 is NOT affected (see also https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).

Comment 4 Adam Mariš 2017-05-16 06:58:36 UTC
(In reply to Kevin Kofler from comment #3)
> As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the
> actual affected versions are only:
> kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
> In particular, kdelibs3 is NOT affected (see also
> https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).

OK, thank you! Next time, please don't change the internal whiteboard, these changes should be made only by Product Security members.

Comment 9 errata-xmlrpc 2017-05-22 08:41:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1264 https://access.redhat.com/errata/RHSA-2017:1264


Note You need to log in before you can comment on or make changes to this bug.