ID CVE-2017-8422
Summary KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:kauth:5.33
    cpe:2.3:a:kde:kauth:5.33
  • cpe:2.3:a:kde:kdelibs:4.14.31
    cpe:2.3:a:kde:kdelibs:4.14.31
CVSS
Base: 7.2
Impact:
Exploitability:
CWE CWE-290
CAPEC
  • Exploitation of Session Variables, Resource IDs and other Trusted Credentials
    Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
  • Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
    When web services require callees to authenticate, they sometimes issue a token / secret to the caller that the caller is to use to sign their web service calls. In one such scheme the caller when constructing a request would concatenate all of the parameters passed to the web service with the provided authentication token and then generate a hash of the concatenated string (e.g., MD5, SHA1, etc.). That hash then forms the signature that is passed to the web service which is used on the server side to verify the origin authenticity and integrity of the message. There is a practical attack against an authentication scheme of this nature that makes use of the hash function extension / padding weakness. Leveraging this weakness, an attacker, who does not know the secret token, is able to modify the parameters passed to the web service by generating their own call and still generate a legitimate signature hash. For instance, consider the message to be passed to the web service is M (this message includes the parameters passed to the web service concatenated with the secret token / key bytes). The message M is hashed and that hash is passed to the web service and is used for authentication. The attacker does not know M, but can see Hash (M) and Length (M). The attacker can then compute Hash (M || Padding (M) II M') for any M'. The attacker does not know the entire message M, specifically the attacker does not know the secret bytes, but that does not matter. The attacker is still able to sign their own message M' and make the called web service verify the integrity of the message without an error. Because of the iterative design of the hash function, it is possible, from only the hash of a message and its length, to compute the hash of longer messages that start with the initial message and include the padding required for the initial message to reach a multiple of 512 bits. It is important to note that the attack not limited to MD5 and will work just as well with another hash function like SHA1.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
exploit-db via4
description KDE 4/5 - 'KAuth' Privilege Escalation. CVE-2017-8422,CVE-2017-8849. Local exploit for Linux platform
file exploits/linux/local/42053.c
id EDB-ID:42053
last seen 2017-05-25
modified 2017-05-18
platform linux
port
published 2017-05-18
reporter Exploit-DB
source https://www.exploit-db.com/download/42053/
title KDE 4/5 - 'KAuth' Privilege Escalation
type local
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-AFF6F6BD9D.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100197
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100197
    title Fedora 25 : 6:kdelibs (2017-aff6f6bd9d)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0BAEE383356C11E7B9A950E549EBAB6C.NASL
    description Albert Astals Cid reports : KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 100113
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100113
    title FreeBSD : kauth: Local privilege escalation (0baee383-356c-11e7-b9a9-50e549ebab6c)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-952.NASL
    description Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file. CVE-2017-8422 Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account. CVE-2013-2074 It was discovered that KIO would show web authentication credentials in some error cases. For Debian 7 'Wheezy', these problems have been fixed in version 4:4.8.4-4+deb7u3. We recommend that you upgrade your kde4libs packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 100431
    published 2017-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100431
    title Debian DLA-952-1 : kde4libs security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3849.NASL
    description Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file. - CVE-2017-8422 Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100163
    published 2017-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100163
    title Debian DSA-3849-1 : kde4libs - security update
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1264.NASL
    description An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix(es) : * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422) Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101468
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101468
    title Virtuozzo 7 : kdelibs / kdelibs-apidocs / kdelibs-common / etc (VZLSA-2017-1264)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1264.NASL
    description An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix(es) : * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422) Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100328
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100328
    title CentOS 7 : kdelibs (CESA-2017:1264)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1264.NASL
    description An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix(es) : * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422) Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100345
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100345
    title RHEL 7 : kdelibs (RHSA-2017:1264)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7E3437B905.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100193
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100193
    title Fedora 25 : kf5-kauth (2017-7e3437b905)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-DD51077C87.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101735
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101735
    title Fedora 26 : 6:kdelibs (2017-dd51077c87)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3286-1.NASL
    description Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100217
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100217
    title Ubuntu 14.04 LTS : kde4libs vulnerability (USN-3286-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-575.NASL
    description This update for kauth and kdelibs4 fixes the following issues : - CVE-2017-8422: logic flaw in the KAuth framework allowed privilege escalation (boo#1036244).
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100202
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100202
    title openSUSE Security Update : kauth / kdelibs4 (openSUSE-2017-575)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1264.NASL
    description From Red Hat Security Advisory 2017:1264 : An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix(es) : * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422) Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 100343
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100343
    title Oracle Linux 7 : kdelibs (ELSA-2017-1264)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-8B4898CE81.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100229
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100229
    title Fedora 24 : 6:kdelibs (2017-8b4898ce81)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-136-02.NASL
    description New kdelibs packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100224
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100224
    title Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : kdelibs (SSA:2017-136-02)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-6BDBF57F29.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 100191
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100191
    title Fedora 24 : kf5-kauth (2017-6bdbf57f29)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170522_KDELIBS_ON_SL7_X.NASL
    description Security Fix(es) : - A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100349
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100349
    title Scientific Linux Security Update : kdelibs on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1335-1.NASL
    description This update for kdelibs4 fixes the following issues : - CVE-2017-8422: This update fixes problem in the DBUS authentication of the kauth framework that could be used to escalate privileges depending on bugs or misimplemented dbus services. (boo#1036244) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100290
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100290
    title SUSE SLED12 / SLES12 Security Update : kdelibs4 (SUSE-SU-2017:1335-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-0898C704A1.NASL
    description security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 101567
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101567
    title Fedora 26 : kf5-kauth (2017-0898c704a1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-29.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-29 (KAuth and KDELibs: Privilege escalation) KAuth and KDELibs contains a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account. Impact : A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101075
    published 2017-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101075
    title GLSA-201706-29 : KAuth and KDELibs: Privilege escalation
packetstorm via4
data source https://packetstormsecurity.com/files/download/142638/kde45-escalate.txt
id PACKETSTORM:142638
last seen 2017-05-25
published 2017-05-23
reporter stealth
source https://packetstormsecurity.com/files/142638/KDE-4-5-KAuth-Privilege-Escalation.html
title KDE 4/5 KAuth Privilege Escalation
redhat via4
advisories
bugzilla
id 1449647
title CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment kdelibs is earlier than 6:4.14.8-6.el7_3
        oval oval:com.redhat.rhsa:tst:20171264011
      • comment kdelibs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110464006
    • AND
      • comment kdelibs-apidocs is earlier than 6:4.14.8-6.el7_3
        oval oval:com.redhat.rhsa:tst:20171264013
      • comment kdelibs-apidocs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110464010
    • AND
      • comment kdelibs-common is earlier than 6:4.14.8-6.el7_3
        oval oval:com.redhat.rhsa:tst:20171264009
      • comment kdelibs-common is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110464008
    • AND
      • comment kdelibs-devel is earlier than 6:4.14.8-6.el7_3
        oval oval:com.redhat.rhsa:tst:20171264007
      • comment kdelibs-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110464012
    • AND
      • comment kdelibs-ktexteditor is earlier than 6:4.14.8-6.el7_3
        oval oval:com.redhat.rhsa:tst:20171264005
      • comment kdelibs-ktexteditor is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171264006
rhsa
id RHSA-2017:1264
released 2017-05-22
severity Important
title RHSA-2017:1264: kdelibs security update (Important)
rpms
  • kdelibs-6:4.14.8-6.el7_3
  • kdelibs-apidocs-6:4.14.8-6.el7_3
  • kdelibs-common-6:4.14.8-6.el7_3
  • kdelibs-devel-6:4.14.8-6.el7_3
  • kdelibs-ktexteditor-6:4.14.8-6.el7_3
refmap via4
bid 98412
confirm
debian DSA-3849
exploit-db 42053
gentoo GLSA-201706-29
mlist [oss-security] 20170510 generic kde LPE
sectrack 1038480
Last major update 17-05-2017 - 10:29
Published 17-05-2017 - 10:29
Last modified 02-10-2019 - 20:03
Back to Top