HIGH🇬🇧 English

CVE-2017-7622

CVSS 8.8v3.0pub. 2017-04-10upd. 2026-05-13

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Deepin Desktop Environment

    APP
    Deepin
    15.015.115.215.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2023-50255CRITICAL9.3PL ✓ten sam vendor

Path traversal w Deepin-Compressor umożliwiający zdalne wykonanie kodu

CVE-2023-50254CRITICAL9.3PL ✓ten sam vendor

RCE w Deepin Reader poprzez path traversal w plikach DOCX

CVE-2019-13226HIGH7.0ten sam vendor

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper:...

CVE-2019-13227MEDIUM5.5ten sam vendor

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, an...

CVE-2019-13228MEDIUM4.7ten sam vendor

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO...