Date: Thu, 6 Nov 2014 20:05:31 -0500 (EST) From: cve-assign@...re.org To: davidedmundson@....org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Privilege Escalation via KDE Clock KCM polkit helper -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > a security issue in KDE which under Ubuntu and some other distros > allows a program to run arbitrary processes as root from an admin user > without any prompts. > > kde-workspace < 4.14.3 > > KDE workspace configuration module for setting the date and time has a > helper program which runs as root for performing actions. This is > secured with polkit. > > This helper takes the name of the ntp utility to run as an argument. > This allows a hacker to run any arbitrary command as root under the > guise of updating the time. > > https://git.reviewboard.kde.org/r/120977/ > Do not pass ntpUtility as an argument to datetime helper > > Passing the name of a binary to run to a polkit helper is a security > risk as it allows any arbitrary process to be executed. Use CVE-2014-8651. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUXBpEAAoJEKllVAevmvms8tkH/24xRCKqs7+chaachMPh198W 5kPxM6u/LnF8kT+9iSxO5BcotC9EtpcqR7INhP8+aE3UC/6sTyMqY0UQ0+Dq1sSF 0qcD9MV/70cxi/ty01hqWKLTn8rzdRmm88g+tgbDKCbjH48BpQRmMdNLJhL9InhJ FR7KHqEr7KYMTq0l9eNcLNNbkq8yt8QeaSz2O4dqsnnn9yjFAUR0n+jAN9toDyTr gi4pMYQUIuViQMamtwZuo8WXZf/badIEkC1QESDbkjKqPttC4/qJL2F4HY6usdZa PiL7PmS8zrI5wpGg+UQhgf6Svkgbu5PDPwwvLADx1/CYXe1neOnxjhjj9vwkZQ8= =edpr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ