KAuth and KDELibs: Privilege escalation — GLSA 201706-29

A vulnerability in KAuth and KDELibs allows local users to gain root privileges.

Affected Packages

kde-frameworks/kauth on all architectures
Affected versions < 5.29.0-r1
Unaffected versions >= 5.29.0-r1
kde-frameworks/kdelibs on all architectures
Affected versions < 4.14.32
Unaffected versions >= 4.14.32

Background

KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user (root, for example) to small (hopefully secure) helper utilities.

The KDE libraries, basis of KDE and used by many open source projects.

Description

KAuth and KDELibs contains a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

Impact

A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges.

Workaround

There is no known workaround at this time.

Resolution

All KAuth users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-frameworks/kauth-5.29.0-r1"
 

All KDELibs users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-frameworks/kdelibs-4.14.32"
 

References

Release Date
June 27, 2017

Latest Revision
June 27, 2017: 1

Severity
high

Exploitable
local

Bugzilla entries