cnvd - cnvd-2018-09405

cnvd-2018-09405

Vulnerability from cnvd

Title: KTextEditor权限提升漏洞

Description:

KTextEditor是一款KDE Frameworks中的提供高级纯文本编辑功能的编辑器。

KTextEditor 5.34.0版本至5.45.0版本中存在安全漏洞，该漏洞源于KTextEditor的kauth_ktexteditor_helper服务未能正确的处理临时文件。攻击者可通过向其他非特权用户所有的目录写入文本文件并通过其他用户实施符号链接攻击利用该漏洞获取root权限。

Severity: 高

Formal description:

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://api.kde.org/frameworks/ktexteditor/html/index.html

Reference: http://www.openwall.com/lists/oss-security/2018/04/24/1 https://bugzilla.suse.com/show_bug.cgi?id=1033055

Impacted products

Name
KDE KTextEditor >=5.34.0，<=5.45.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10361"
    }
  },
  "description": "KTextEditor\u662f\u4e00\u6b3eKDE Frameworks\u4e2d\u7684\u63d0\u4f9b\u9ad8\u7ea7\u7eaf\u6587\u672c\u7f16\u8f91\u529f\u80fd\u7684\u7f16\u8f91\u5668\u3002\r\n\r\nKTextEditor 5.34.0\u7248\u672c\u81f35.45.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eKTextEditor\u7684kauth_ktexteditor_helper\u670d\u52a1\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u4e34\u65f6\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5176\u4ed6\u975e\u7279\u6743\u7528\u6237\u6240\u6709\u7684\u76ee\u5f55\u5199\u5165\u6587\u672c\u6587\u4ef6\u5e76\u901a\u8fc7\u5176\u4ed6\u7528\u6237\u5b9e\u65bd\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6root\u6743\u9650\u3002",
  "discovererName": "Luca Beltrame",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://api.kde.org/frameworks/ktexteditor/html/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09405",
  "openTime": "2018-05-14",
  "products": {
    "product": "KDE KTextEditor \u003e=5.34.0\uff0c\u003c=5.45.0"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2018/04/24/1\r\nhttps://bugzilla.suse.com/show_bug.cgi?id=1033055",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-27",
  "title": "KTextEditor\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-10361 (GCVE-0-2018-10361)

Vulnerability from cvelistv5

Published

2018-04-25 05:00

Modified

2024-08-05 07:39

Severity ?

CWE

Summary

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2018/04/24/1	x_refsource_MISC
	https://bugzilla.suse.com/show_bug.cgi?id=1033055	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/07/09/3	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:06.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"
          },
          {
            "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor\u0027s kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-09T17:06:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"
        },
        {
          "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor\u0027s kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openwall.com/lists/oss-security/2018/04/24/1",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033055",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"
            },
            {
              "name": "[oss-security] 20190709 Privileged File Access from Desktop Applications",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10361",
    "datePublished": "2018-04-25T05:00:00",
    "dateReserved": "2018-04-24T00:00:00",
    "dateUpdated": "2024-08-05T07:39:06.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted