KAuth and KDELibs: Privilege escalation

KAuth and KDELibs: Privilege escalation A vulnerability in KAuth and KDELibs allows local users to gain root privileges. kauth,kdelibs 2017-06-27 2017-06-27 618108 local 5.29.0-r1 5.29.0-r1 4.14.32 4.14.32

KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user (root, for example) to small (hopefully secure) helper utilities.

The KDE libraries, basis of KDE and used by many open source projects.

KAuth and KDELibs contains a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges.

There is no known workaround at this time.

All KAuth users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=kde-frameworks/kauth-5.29.0-r1"

All KDELibs users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=kde-frameworks/kdelibs-4.14.32"

CVE-2017-8422 whissi whissi