GLSA-201706-29 : KAuth and KDELibs: Privilege escalation
High Nessus Plugin ID 101075
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201706-29 (KAuth and KDELibs: Privilege escalation)
KAuth and KDELibs contain a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller and, with some carefully crafted calls, can lead to gaining root from an unprivileged account.
A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges.
There is no known workaround at this time.
Solution
All KAuth users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=kde-frameworks/kauth-5.29.0-r1'
All KDELibs users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=kde-frameworks/kdelibs-4.14.32'