Description: KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high (attack range: remote)
Debian Bugs: 921995, 922727

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                    Version             Status
kauth (PTS)      stretch                    5.28.0-2+deb9u1     fixed
kauth (PTS)      buster, sid                5.54.0-2            fixed
kde4libs (PTS)   jessie (security), jessie  4:4.14.2-5+deb8u2   vulnerable
kde4libs (PTS)   buster, sid                4:4.14.38-3         vulnerable

The information below is based on the following data on fixed versions.

Package   Type   Release   Fixed Version   Urgency   Origin   Debian Bugs


[buster] - kde4libs <no-dsa> (Minor issue)
[stretch] - kde4libs <no-dsa> (Minor issue)
[jessie] - kde4libs <no-dsa> (Minor issue)
