Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Jul 2014 08:32:07 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-Request: KAuth authentication bypass

On Tue, Jul 22, 2014 at 05:00:06PM -0400, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > https://bugzilla.novell.com/show_bug.cgi?id=864716
> 
> This was previously discussed in, for example:
> 
>   http://openwall.com/lists/oss-security/2014/04/03/1
> 
> but apparently nobody responded to our question then. It would have
> been useful for your new CVE request to have included a pointer back
> to the earlier discussion here about exactly the same
> bugzilla.novell.com bug number.
> 
> We understand that a patch now exists (one did not exist at the time
> of the previous discussion).
> 
> We also understand that org.kde.fontinst.service and
> org.kde.kcontrol.kcmclock.service have been mentioned as examples of
> services that can be attacked on systems without the patch.
> 
> 
> Can you confirm that you are asking for a CVE ID for the KAuth
> product, not the "PolicyKit Library Qt Bindings" product?

Yes indeed. Its the KDE KAuth code using the wrong kind of subject
for authentication.

> 
> Should there also be a separate CVE ID for
> 
>   https://bugzilla.novell.com/show_bug.cgi?id=864716#c25
> 
>   "The deprecated polkit method in polkit-qt5 bindings has been
>    updated to polkit_unix_process_new_for_owner."
> 
> ?

No, it was a patch proposal for above mentioned bug and it was wrong.

> 
> Should there also be a separate CVE ID for
> 
>   https://bugzilla.novell.com/show_bug.cgi?id=864716#c37
> 
>   "Qt, since 5.3, aborts action if the Q*Application is SUID."
> 
> ?

Thats up to the Qt developers to request a CVE for this; if its needed.
I did not analyze this potential issue as its not related to the KAuth bug in any way.

Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ