KDE 4/5 Affected By A Root Exploit Vulnerability

Written by Michael Larabel in KDE on 12 May 2017 at 06:39 AM EDT. 32 Comments
There's a root exploit vulnerability present on both KDE4 and KDE5.

CVE-2017-8422 is a high priority issue in which a logic flaw in KAuth allows the identity of a caller to be spoofed and can allow gaining root access from an unprivileged account. An updated KAuth package for "KDE 5" as well as for kde4libs is now available to fix the issue.

The issue in KAuth paired with a problem in smb4k can allow an attacker to gain root access on a local machine. This exploit has been tested on openSUSE Leap and Fedora 26 Alpha, among other distributions.

More details on the issue are still coming to light but there is some detailed information via this oss-security posting.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week