
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.

KDE versions 4 and 5 suffer from a KAuth privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/42053
• http://www.debian.org/security/2017/dsa-3849
• http://www.openwall.com/lists/oss-security/2017/05/10/3
• http://www.securityfocus.com/bid/98412
• http://www.securitytracker.com/id/1038480
• https://access.redhat.com/errata/RHSA-2017:1264
• https://bugzilla.redhat.com/show_bug.cgi?id=1449647
• https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
• https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888a

CWE-290: Authentication Bypass by Spoofing

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

• http://www.debian.org/security/2017/dsa-3849
• http://www.securityfocus.com/bid/96515
• https://www.kde.org/info/security/advisory-20170228-1.txt

CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.9 | EPSS: 0% | CPEs: 38 | EXPL: 1

KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations.

• http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
• http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
• http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
• http://rhn.redhat.com/errata/RHSA-2014-1359.html
• http://secunia.com/advisories/60385
• http://secunia.com/advisories/60633
• http://secunia.com/advisories/60654
• http://www.debian.org/security/2014/dsa-3004
• http://www.kde.org/info/security/advisory-201407

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776
• http://ubuntu.com/usn/usn-1842-1
• http://www.openwall.com/lists/oss-security/2013/05/10/4
• http://www.openwall.com/lists/oss-security/2013/05/11/2
• http://www.osvdb.org/93244
• http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure
• https://bugs.kde.org/show_bug.cgi?id=319428
• https://bugzilla.redhat.com/show_bug.cgi?id=961981
• https://projects.kde.org/projects/kde/kdelibs/r

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

• http://openwall.com/lists/oss-security/2011/03/08/13
• http://openwall.com/lists/oss-security/2011/03/08/20
• http://secunia.com/advisories/44108
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:071
• http://www.securityfocus.com/bid/46789
• http://www.ubuntu.com/usn/USN-1110-1
• http://www.vupen.com/english/advisories/2011/0913
• http://www.vupen.com/english/advisories/2011/0990
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65986
• https://projects.kde.org/

CWE-20: Improper Input Validation