CVE-2017-8422
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kde:kauth | kde kauth | le | 5.33 |
| kde:kdelibs | kde kdelibs | le | 4.14.31 |
References
www.debian.org/security/2017/dsa-3849
www.openwall.com/lists/oss-security/2017/05/10/3
www.securityfocus.com/bid/98412
www.securitytracker.com/id/1038480
access.redhat.com/errata/RHSA-2017:1264
bugzilla.redhat.com/show_bug.cgi?id=1449647
cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab
security.gentoo.org/glsa/201706-29
www.exploit-db.com/exploits/42053/
www.kde.org/info/security/advisory-20170510-1.txt
Social References
More
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%