CVE-2017-7622

2017-04-10 19:59:00 2019-10-03 02:03:26

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Deepin Deepin desktop environment 15.3 (not an official CPE) Deepin Deepin desktop environment 15.2 (not an official CPE) Deepin Deepin desktop environment 15.1 (not an official CPE) Deepin Deepin desktop environment 15.0 (not an official CPE)

Deepin - Deepin desktop environment

Advisory	Patch	Confirmed	Link
			https://github.com/kings-way/deepinhack/blob/master/dde_...

CVE-2017-7622

2017-04-10 19:59:00 2019-10-03 02:03:26

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Missing Authorization (ID 862)