Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Jul 2014 10:17:31 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-Request: KAuth authentication bypass

Hi

We'd like to request a CVE for the following issue:

The polkit authentication backend in KDE's KAuth code
used the UnixProcess subject for authenticating actions.
This is subject to race conditions and allows local users
to elevate their privileges by bypassing any of the KAuth checks.
A followup of CVE-2013-4288.

Discussion and patch can be found here:

https://bugzilla.novell.com/show_bug.cgi?id=864716

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ