KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

The remote host is affected by the vulnerability described in GLSA-202407-20 (KDE Plasma Workspaces: Privilege Escalation)

    Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers     referenced below for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5723-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     June 27, 2024                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : plasma-workspace     CVE ID         : CVE-2024-36041

    Fabian Vogt discovered that the KDE session management server     insufficiently restricted ICE connections from localhost, which could     allow a local attacker to execute arbitrary code as another user on     next boot.

    For the oldstable distribution (bullseye), this problem has been fixed     in version 4:5.20.5-6+deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in     version 4:5.27.5-2+deb12u2.

    We recommend that you upgrade your plasma-workspace packages.

    For the detailed security status of plasma-workspace please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/plasma-workspace

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory.

    Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker     could possibly use this issue to gain access to another user's session manager and execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3827-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Adrian Bunk     June 14, 2024                                 https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : plasma-workspace     Version        : 4:5.14.5.1-1+deb10u1     CVE ID         : CVE-2024-36041

    Unauthorized local user access to the session manager has been fixed in     the Plasma Workspace component of the KDE Plasma desktop environment.

    For Debian 10 buster, this problem has been fixed in version     4:5.14.5.1-1+deb10u1.

    We recommend that you upgrade your plasma-workspace packages.

    For the detailed security status of plasma-workspace please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/plasma-workspace

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory.

    David Edmundson reports:
    KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE                 based purely on the host, allowing all local connections. This allows                 another user on the same machine to gain access to the session                 manager.
    A well crafted client could use the session restore feature to execute                 arbitrary code as the user on the next boot.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-83fc86a0bc advisory.

    CVE-2024-36041

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d120dc28b8 advisory.

    CVE-2024-36041

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
201937	GLSA-202407-20 : KDE Plasma Workspaces: Privilege Escalation	Nessus	Gentoo Local Security Checks	high
201116	Debian dsa-5723 : libcolorcorrect5 - security update	Nessus	Debian Local Security Checks	high
201044	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)	Nessus	Ubuntu Local Security Checks	high
200623	Debian dla-3827 : libcolorcorrect5 - security update	Nessus	Debian Local Security Checks	critical
200437	FreeBSD : plasma[56]-plasma-workspace -- Unauthorized users can access session manager (479df73e-2838-11ef-9cab-4ccc6adda413)	Nessus	FreeBSD Local Security Checks	critical
198290	Fedora 40 : plasma-workspace (2024-83fc86a0bc)	Nessus	Fedora Local Security Checks	critical
198286	Fedora 39 : plasma-workspace (2024-d120dc28b8)	Nessus	Fedora Local Security Checks	critical

Detections

Analytics

CVE-2024-36041

high

Tenable Plugins

high

high

high

critical

critical

critical

critical