CVSS3 : 7.8 High
  Attack Vector : LOCAL
  Attack Complexity : LOW
  Privileges Required : LOW
  User Interaction : NONE
  Scope : UNCHANGED
  Confidentiality Impact : HIGH
  Integrity Impact : HIGH
  Availability Impact : HIGH
  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS2 : 7.2 High
  Access Vector : LOCAL
  Access Complexity : LOW
  Authentication : NONE
  Confidentiality Impact : COMPLETE
  Integrity Impact : COMPLETE
  Availability Impact : COMPLETE
  AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS : 0.0004 Low
  Percentile : 5.3%
Severity: High
Date : 2017-05-10
CVE-ID : CVE-2017-8422
Package : kauth
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-269
The package kauth before version 5.33.0-2 is vulnerable to privilege
escalation.
Upgrade to 5.33.0-2.
The problem has been fixed upstream but no release is available yet.
Workaround : None.
KAuth <= 5.33.0 contains a logic flaw in which the service invoking
dbus is not properly checked. This allows spoofing the identity of the
caller and with some carefully crafted calls can lead to gaining root
from an unprivileged account.
A local, unprivileged attacker can escalate privileges to become root
on the affected host.
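The following added example (not part of the advisory) audits a host inventory for kauth builds older than the fixed 5.33.0-2. The inventory format, host names and sample versions are constructed for illustration; on a live Arch host, pacman's own `vercmp` is the authoritative comparison.

```shell
#!/bin/sh
# Added example, not from the advisory: find hosts still below the fixed kauth build.
FIXED="5.33.0-2"   # fixed version stated in the advisory

# ver_lt A B: succeed when Arch version A ([epoch:]pkgver-pkgrel) is older than B.
# Numeric dotted versions only (which kauth uses); pacman's vercmp covers the rest.
ver_lt() {
    awk -v a="$1" -v b="$2" '
    function parse(v, o) {
        o["e"] = 0; o["r"] = 0
        if (v ~ /:/) { o["e"] = v; sub(/:.*/, "", o["e"]); sub(/^[^:]*:/, "", v) }
        if (v ~ /-/) { o["r"] = v; sub(/.*-/, "", o["r"]); sub(/-[^-]*$/, "", v) }
        o["v"] = v
    }
    function cmpnum(x, y) { x += 0; y += 0; return (x < y) ? -1 : (x > y) }
    function cmpdot(x, y,   n, m, i, p, q, c) {
        n = split(x, p, "."); m = split(y, q, ".")
        for (i = 1; i <= n || i <= m; i++) {
            if (i > n) return -1          # fewer components sorts older
            if (i > m) return 1
            c = cmpnum(p[i], q[i]); if (c) return c
        }
        return 0
    }
    BEGIN {
        parse(a, A); parse(b, B)
        c = cmpnum(A["e"], B["e"])
        if (!c) c = cmpdot(A["v"], B["v"])
        if (!c) c = cmpdot(A["r"], B["r"])
        exit (c < 0 ? 0 : 1)
    }' </dev/null
}

# audit: read "host package version" lines on stdin, print hosts needing the upgrade.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = "kauth" ] || continue
        if ver_lt "$ver" "$FIXED"; then echo "$host"; fi
    done
}

# Constructed sample inventory (hypothetical hosts; versions as `pacman -Q` prints them).
SAMPLE='web1 kauth 5.33.0-1
build2 kauth 5.33.0-2
desk3 kauth 5.29.0-1
desk4 kauth 5.34.0-1
desk5 kconfig 5.33.0-1'

vulnerable_hosts() { printf '%s\n' "$SAMPLE" | audit; }
vulnerable_hosts   # prints web1 and desk3
```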
https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240
https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab
https://security.archlinux.org/CVE-2017-8422