KDE 4/5 Affected By A Root Exploit Vulnerability
There's a root exploit vulnerability present on both KDE4 and KDE5.
CVE-2017-8422 is a high-priority issue in which a logic flaw in KAuth allows the identity of a caller to be spoofed, which can let an unprivileged account gain root access. An updated KAuth package for "KDE 5" as well as for kde4libs is now available to fix the issue.
The issue in KAuth, paired with a problem in smb4k, can allow an attacker to gain root access on a local machine. This exploit has been tested on openSUSE Leap and Fedora 26 Alpha, among other distributions.
More details on the issue are still coming to light, but there is some detailed information via this oss-security posting.