CVE-2017-7622

Published: 10/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 up to and including 15.3, runs with root privileges and does almost nothing to identify the user who calls its functions through D-Bus. As a result, anybody can change the GRUB configuration by calling DoWriteGrubSettings(), which dde-daemon provides, including appending arguments that create a backdoor or escalate privileges.

Vulnerable Product

deepin deepin desktop environment 15.2

deepin deepin desktop environment 15.3

deepin deepin desktop environment 15.1

deepin deepin desktop environment 15.0

Github Repositories

some POCs around Deepin Linux

dde_daemon_pocpy

Intro
CVE-2017-7622

Date & Version
Date: 20170401
Tested on: Deepin153, ArchLinux, Fedora25(copr), Manjaro(with DDE)

Vulnerability Description
dde-daemon, the daemon process of DDE (Deepin Desktop Environment), runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus Anybody can change the gr