QwikSec

Security Database

CVE

CWE

Training

CVE-2019-7443

Published: May 7, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/

x_refsource_MISC

https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=1124863

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.