CVE-2019-7443

Sažetak

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Reference

https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
https://bugzilla.suse.com/show_bug.cgi?id=1124863
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 03:13

Objavljeno

07-05-2019 - 19:29