Public bug reported:

[ Impact ]

 * ksmserver: Unauthorized users can access session manager

 * CVE-2024-36041 security

[ Test Plan ]

 * KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
based purely on the host, allowing all local connections. This allows
another user on the same machine to gain access to the session
manager.

A well-crafted client could use the session restore feature to execute
arbitrary code as the user on the next boot.


[ Where problems could occur ]


[ Other Info ]
 
 * New release to fix CVE

** Affects: plasma-workspace (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to plasma-workspace in Ubuntu.
https://bugs.launchpad.net/bugs/2067742

Title:
  SRU: CVE-2024-36041 Fix ksmserver: Unauthorized users can access
  session manager
