3 results (0.009 seconds)

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudantes que se ejecutan como root sobre DBus a través de DBusHelperProxy.cpp. Ciertos tipos pueden causar caídas y desencadenar la decodificación de imágenes arbitrarias con plugins cargados dinámicamente. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html https://bugzilla.suse.com/show_bug.cgi?id=1124863 https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. KDelibs de KDE antes de 4.14.32 y KAuth antes de 5.34 permiten que los usuarios locales obtengan privilegios de root por spoofing de un callerID y aprovechando una aplicación de ayuda privilegiada. A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. KDE versions 4 and 5 suffer from a KAuth privilege escalation vulnerability. • https://www.exploit-db.com/exploits/42053 http://www.debian.org/security/2017/dsa-3849 http://www.openwall.com/lists/oss-security/2017/05/10/3 http://www.securityfocus.com/bid/98412 http://www.securitytracker.com/id/1038480 https://access.redhat.com/errata/RHSA-2017:1264 https://bugzilla.redhat.com/show_bug.cgi?id=1449647 https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888a • CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.9EPSS: 0%CPEs: 38EXPL: 1

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales evadir las restricciones de acceso mediante el aprovechamiento de una condición de carrera PolkitUnixProcess PolkitSubject a través de un proceso (1) setuid o (2) pkexec, relacionado con el CVE-2013-4288 y 'condiciones de carrera de reuso PID.' It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://secunia.com/advisories/60385 http://secunia.com/advisories/60633 http://secunia.com/advisories/60654 http://www.debian.org/security/2014/dsa-3004 http://www.kde.org/info/security/advisory-201407 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •