7.2
CVSSv2

CVE-2018-10361

Published: 25/04/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in KTextEditor 5.34.0 up to and including 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kde ktexteditor

Vendor Advisories

Debian Bug report logs - #896836 ktexteditor: CVE-2018-10361: ktexteditor privilege escalation Package: src:ktexteditor; Maintainer for src:ktexteditor is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 Apr 2018 18:54:02 UTC Sever ...

Mailing Lists

With Wayland, it's no longer supported to run graphical applications as root The big desktop environments want to allow users to edit and manage files through graphical applications (mostly text editors and file managers) They have therefore implemented D-Bus services to perform file I/O as root, authenticated through polkit We have reviewed va ...