Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Adélie Package Tree Adélie Package Tree
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 309
    • Issues 309
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • Adélie Package TreeAdélie Package Tree
  • Issues
  • #213

Closed
Open
Created Oct 16, 2019 by Emily@emily🤖

user/kauth: CVE-2019-7443: dbus helpers running as root accept images without good reason

Bugzilla ID 213
Alias(es) CVE-2019-7443
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-10-16 16:39:51 -0500
Modified 2019-10-16 20:14:39 -0500
Status RESOLVED FIXED
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal
URL https://nvd.nist.gov/vuln/detail/CVE-2019-7443

Description

KDE KAuth before 5.55 allows the passing of parameters with arbitrary
types to helpers running as root over DBus via DBusHelperProxy.cpp.
Certain types can cause crashes, and trigger the decoding of arbitrary
images with dynamically loaded plugins. In other words, KAuth
unintentionally causes this plugin code to run as root, which
increases the severity of any possible exploitation of a plugin
vulnerability.

Edited Feb 02, 2022 by Zach van Rijn
Assignee
Assign to
Time tracking