1449647 – (CVE-2017-8422) CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation

Bug 1449647 (CVE-2017-8422) - CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation

Summary: CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2017-8422
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1449648 1449649 1449650 1449651 1449652 1452035 1452068
Blocks:	1449672
TreeView+	depends on / blocked

Reported:	2017-05-10 12:12 UTC by Adam Mariš
Modified:	2021-02-17 02:09 UTC (History)
CC List:	8 users (show)
Fixed In Version:	kdelibs 4.14.32, kauth 5.34
Doc Type:	If docs needed, set a value
Doc Text:	A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.
Clone Of:
Environment:
Last Closed:	2019-06-08 03:12:22 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:1264	0	normal	SHIPPED_LIVE	Important: kdelibs security update	2017-05-22 12:40:35 UTC

Description Adam Mariš 2017-05-10 12:12:45 UTC

KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

Affected versions: kauth < 5.34, kdelibs < 4.14.32

Upstream patches:

kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

External References:

https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240

Comment 1 Adam Mariš 2017-05-10 12:13:23 UTC

Created kdelibs tracking bugs for this issue:

Affects: fedora-all [bug 1449649]


Created kdelibs-webkit tracking bugs for this issue:

Affects: epel-7 [bug 1449651]


Created kdelibs3 tracking bugs for this issue:

Affects: fedora-all [bug 1449650]


Created kf5-kauth tracking bugs for this issue:

Affects: epel-7 [bug 1449648]
Affects: fedora-all [bug 1449652]

Comment 2 Adam Mariš 2017-05-10 12:19:00 UTC

Acknowledgments:

Name: Sebastian Krahmer (SUSE)

Comment 3 Kevin Kofler 2017-05-15 22:12:14 UTC

As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the actual affected versions are only:
kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
In particular, kdelibs3 is NOT affected (see also https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).

Comment 4 Adam Mariš 2017-05-16 06:58:36 UTC

(In reply to Kevin Kofler from comment #3)
> As written in https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c3 , the
> actual affected versions are only:
> kauth < 5.34, 4.4.0 <= kdelibs < 4.14.32
> In particular, kdelibs3 is NOT affected (see also
> https://bugzilla.redhat.com/show_bug.cgi?id=1449650#c2 ).

OK, thank you! Next time, please don't change the internal whiteboard, these changes should be made only by Product Security members.

Comment 9 errata-xmlrpc 2017-05-22 08:41:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1264 https://access.redhat.com/errata/RHSA-2017:1264

Note You need to log in before you can comment on or make changes to this bug.