Candidate: CVE-2018-10361
PublicDate: 2018-04-25 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10361
 http://www.openwall.com/lists/oss-security/2018/04/24/1
 https://bugzilla.suse.com/show_bug.cgi?id=1033055
Description:
 An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure
 handling of temporary files in the KTextEditor's kauth_ktexteditor_helper
 service (as utilized in the Kate text editor) can allow other unprivileged
 users on the local system to gain root privileges. The attack occurs when
 one user (who has an unprivileged account but is also able to authenticate
 as root) writes a text file using Kate into a directory owned by a another
 unprivileged user. The latter unprivileged user conducts a symlink attack
 to achieve privilege escalation.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896836
Priority: medium
Discovered-by: Matthias Gerstner
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_ktexteditor:
upstream_ktexteditor: released (5.47.0-1)
precise/esm_ktexteditor: DNE
trusty_ktexteditor: DNE
trusty/esm_ktexteditor: DNE
xenial_ktexteditor: not-affected (code not present)
artful_ktexteditor: ignored (reached end-of-life)
bionic_ktexteditor: needed
cosmic_ktexteditor: ignored (reached end-of-life)
disco_ktexteditor: ignored (reached end-of-life)
eoan_ktexteditor: not-affected (5.62.0)
focal_ktexteditor: not-affected (5.62.0)
groovy_ktexteditor: not-affected (5.62.0)
hirsute_ktexteditor: not-affected (5.62.0)
impish_ktexteditor: not-affected (5.62.0)
jammy_ktexteditor: not-affected (5.62.0)
devel_ktexteditor: not-affected (5.62.0)