Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

KDE 4/5 Affected By A Root Exploit Vulnerability

Written by Michael Larabel in KDE on 12 May 2017 at 06:39 AM EDT. 32 Comments

There's a root exploit vulnerability present on both KDE4 and KDE5.

CVE-2017-8422 is a high priority issue in which a logic flaw in KAuth allows the identity of a caller to be spoofed and can allow gaining root access from an unprivileged account. An updated KAuth package for "KDE 5" as well as for kde4libs is now available to fix the issue.

The issue in KAuth paired with a problem in smb4k can allow an attacker to gain root access on a local machine. This exploit has been tested on openSUSE Leap and Fedora 26 Alpha, among other distributions.

More details on the issue are still coming to light but there is some detailed information via this oss-security posting.

32 Comments

KDE's Busy Week With Landing Explicit Sync & Many Other Changes

KDE Frameworks 6.1 Released With Many Improvements & Fixes

KDE's KWin Merges Wayland Explicit Sync Support

KDE On The Importance Of Wayland Explicit Sync

KDE Plasma 6 Can Now Sync Your RGB-Backlit Keyboard With Your Desktop's Accent Color

About The Author

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.