Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140721081731.GB14914@suse.de>
Date: Mon, 21 Jul 2014 10:17:31 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-Request: KAuth authentication bypass

Hi

We'd like to request a CVE for the following issue:

The polkit authentication backend in KDE's KAuth code
used the UnixProcess subject for authenticating actions.
This is subject to race conditions and allows local users
to elevate their privileges by bypassing any of the KAuth checks.
A followup of CVE-2013-4288.

Discussion and patch can be found here:

https://bugzilla.novell.com/show_bug.cgi?id=864716

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.