Local Privilege Escalation in KDE KAuth and kdelibs
CVE-2017-8422

7.8HIGH

Key Information:

Vendor

Kde

Status
Kauth
Kdelibs
Vendor
CVE Published:
17 May 2017

What is CVE-2017-8422?

The KDE kdelibs and KAuth components contain a vulnerability that allows local users to exploit a weakness by spoofing a caller ID. This exploit can leverage a privileged helper application, leading to unauthorized root access. Users running affected versions should prioritize updating to mitigate potential security risks.

References

http://www.securitytracker.com/id/1038480
vdb-entryx_refsource_SECTRACK
https://www.exploit-db.com/exploits/42053/
exploitx_refsource_EXPLOIT-DB
https://www.kde.org/info/security/advisory-20170510-1.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.