KDE kdelibs prior to 4.14.32 and KAuth prior to 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Synopsis
Important: kdelibs security update
Type/Severity
Security Advisory: Important
Topic
An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application ...
KAuth <= 5.33.0 contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account ...
PLASMA PULSAR
CVE-2017-8422, CVE-2017-8849
This document describes a generic root exploit against kde.
The exploit is achieved by abusing a logic flaw within
the KAuth framework which is present in kde4 (org.kde.auth) and kde5
(org.kde.kf5.auth). It is possible to spoof what KAuth calls
callerID's which are indeed D-Bus unique names of the sender of a D-Bus
message.
Exploit