Home > Vulnerability Database > CVE-2017-8422

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2017-8422

Date: May 17, 2017

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

Language: C++

Severity Score

7.8

Related Resources (16)

Url: https://security.gentoo.org/glsa/201706-29

Url: https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab

Url: https://access.redhat.com/errata/RHSA-2017:1264

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-8422

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8422

Url: http://www.securityfocus.com/bid/98412

Url: https://www.kde.org/info/security/advisory-20170510-1.txt

Url: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a

Url: https://access.redhat.com/security/cve/CVE-2017-8422

Url: http://www.openwall.com/lists/oss-security/2017/05/10/3

Url: https://security-tracker.debian.org/tracker/CVE-2017-8422

Url: https://www.exploit-db.com/exploits/42053/

Url: http://www.securitytracker.com/id/1038480

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1449647

Url: http://www.debian.org/security/2017/dsa-3849

Url: https://www.mend.io/vulnerability-database/CVE-2017-8422

Severity Score

7.8

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Authentication Bypass by Spoofing

CWE-290

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us