CVE-2017-7622
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/04/2017
Last modified:
03/10/2019
Description
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:deepin:deepin_desktop_environment:15.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:deepin:deepin_desktop_environment:15.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:deepin:deepin_desktop_environment:15.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:deepin:deepin_desktop_environment:15.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page