Date: Mon, 21 Jul 2014 10:17:31 +0200 From: Sebastian Krahmer <krahmer@...e.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE-Request: KAuth authentication bypass Hi We'd like to request a CVE for the following issue: The polkit authentication backend in KDE's KAuth code used the UnixProcess subject for authenticating actions. This is subject to race conditions and allows local users to elevate their privileges by bypassing any of the KAuth checks. A followup of CVE-2013-4288. Discussion and patch can be found here: https://bugzilla.novell.com/show_bug.cgi?id=864716 Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@...e.de - SuSE Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ