CVE-2017-8422

Metadata

high
7.2
kauth, kde4libs
CVE-2017-8422
cve.mitre.org, openwall.com, kde.org, ubuntu.com, bugs.launchpad.net
2017-05-10
2017-06-16 18:42
CVE-2017-8422 kde4libs
CVE-2017-8422 kauth
2017-06-15 02:36
2017-05-18 04:04
2017-05-16 22:03
2017-05-15 15:03
2017-05-12 14:03
2017-05-11 15:03
2017-05-11 02:03

Description

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
devel kauth 5.33.0-0ubuntu2
kde4libs 4:4.14.30-0ubuntu2
trusty kde4libs 4:4.13.3-0ubuntu0.5
upstream kauth 5.34
kde4libs 4.14.32
xenial kauth 5.18.0-0ubuntu2
kde4libs 4:4.14.16-0ubuntu3.2
yakkety kauth 5.26.0-0ubuntu2.1
kde4libs 4:4.14.22-0ubuntu2.2
zesty kauth 5.31.0-0ubuntu1.1
kde4libs 4:4.14.30-0ubuntu1.1

Unaffected

Release Package Reason
precise/esm kauth DNE
kde4libs DNE
trusty kauth DNE
vivid/stable-phone-overlay kauth DNE
kde4libs DNE
vivid/ubuntu-core kauth DNE
kde4libs DNE