CVE-2018-10361 - OpenCVE

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kde	Ktexteditor

Configuration 1 [-]

cpe:2.3:a:kde:ktexteditor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2018/04/24/1
http://www.openwall.com/lists/oss-security/2019/07/09/3
https://bugzilla.suse.com/show_bug.cgi?id=1033055

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-25T05:00:00

Updated: 2024-08-05T07:39:06.699Z

Reserved: 2018-04-24T00:00:00

Link: CVE-2018-10361

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-25T05:29:00.237

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-10361

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T17:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"}, {"name": "[oss-security] 20190709 Privileged File Access from Desktop Applications", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.openwall.com/lists/oss-security/2018/04/24/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1033055", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"}, {"name": "[oss-security] 20190709 Privileged File Access from Desktop Applications", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:39:06.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"}, {"name": "[oss-security] 20190709 Privileged File Access from Desktop Applications", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10361", "datePublished": "2018-04-25T05:00:00", "dateReserved": "2018-04-24T00:00:00", "dateUpdated": "2024-08-05T07:39:06.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:ktexteditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "420BE423-7BD1-4402-B708-77DA9B151AD1", "versionEndIncluding": "5.45.0", "versionStartIncluding": "5.34.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation."}, {"lang": "es", "value": "Se ha descubierto un problema en KTextEditor, desde la versi\u00f3n 5.34.0 hasta la 5.45.0. La gesti\u00f3n insegura de archivos temporales en el servicio kauth_ktexteditor_helper de KTextEditor (tal y como se emplea en el editor de texto de Kate) puede permitir que otros usuarios sin privilegios en el sistema local obtengan privilegios root. El ataque ocurre cuando un usuario (que tiene una cuenta no privilegiada pero tambi\u00e9n puede autenticarse como root) escribe un archivo de texto con Kate en un directorio propiedad de otro usuario sin privilegios. Este \u00faltimo usuario sin privilegios lleva a cabo un ataque de v\u00ednculo simb\u00f3lico para lograr el escalado de privilegios."}], "id": "CVE-2018-10361", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-25T05:29:00.237", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/04/24/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/07/09/3"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033055"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}