[policykit-kde-agent-1] [Bug 498957] New: [CVE-2024-37408] Security attention for fingerprint
Yaron Shahrabani
bugzilla_noreply at kde.org
Tue Jan 21 12:03:42 GMT 2025
https://bugs.kde.org/show_bug.cgi?id=498957
Bug ID: 498957
Summary: [CVE-2024-37408] Security attention for fingerprint
Classification: Plasma
Product: policykit-kde-agent-1
Version: master
Platform: Kubuntu
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: sh.yaron at gmail.com
CC: drf at kde.org, jgrulich at redhat.com, jreznik at redhat.com
Target Milestone: ---
SUMMARY
When fingerprint is configured, launching pkexec will prompt for my
fingerprint. I can send this window to the background, which could serve an
attacker to do some malicious actions on my behalf.
STEPS TO REPRODUCE
(On a machine with fingerprint authentication configured)
1. Open a terminal
2. Run "pkexec whoami"
3. Observe the PolicyKit dialog
4. Send the dialog to the background
5. Tap the fingerprint reader
OBSERVED RESULT
The terminal will display root although the PolicyKit window wasn't even
focused.
EXPECTED RESULT
The fingerprint should be handled only when the PolicyKit dialog is focused and
in the front, otherwise the fingerprint should affect.
SOFTWARE/OS VERSIONS
Operating System: Kubuntu 24.10
KDE Plasma Version: 6.1.5
KDE Frameworks Version: 6.6.0
Qt Version: 6.6.2
Kernel Version: 6.11.0-13-generic (64-bit)
(Although irrelevant)
ADDITIONAL INFORMATION
The CVE is much wider but this is one of the ways to exploit this vulnerability
in KDE (Doesn't happen in GNOME).