Date: Wed, 23 Jul 2014 08:32:07 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-Request: KAuth authentication bypass

On Tue, Jul 22, 2014 at 05:00:06PM -0400, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > https://bugzilla.novell.com/show_bug.cgi?id=864716
> 
> This was previously discussed in, for example:
> 
>   http://openwall.com/lists/oss-security/2014/04/03/1
> 
> but apparently nobody responded to our question then. It would have
> been useful for your new CVE request to have included a pointer back
> to the earlier discussion here about exactly the same
> bugzilla.novell.com bug number.
> 
> We understand that a patch now exists (one did not exist at the time
> of the previous discussion).
> 
> We also understand that org.kde.fontinst.service and
> org.kde.kcontrol.kcmclock.service have been mentioned as examples of
> services that can be attacked on systems without the patch.
> 
> 
> Can you confirm that you are asking for a CVE ID for the KAuth
> product, not the "PolicyKit Library Qt Bindings" product?

Yes indeed. It's the KDE KAuth code using the wrong kind of subject
for authentication.

> 
> Should there also be a separate CVE ID for
> 
>   https://bugzilla.novell.com/show_bug.cgi?id=864716#c25
> 
>   "The deprecated polkit method in polkit-qt5 bindings has been
>    updated to polkit_unix_process_new_for_owner."
> 
> ?

No, it was a patch proposal for the above-mentioned bug and it was wrong.

> 
> Should there also be a separate CVE ID for
> 
>   https://bugzilla.novell.com/show_bug.cgi?id=864716#c37
> 
>   "Qt, since 5.3, aborts action if the Q*Application is SUID."
> 
> ?

That's up to the Qt developers to request a CVE for this, if it's needed.
I did not analyze this potential issue as it's not related to the KAuth bug in any way.

Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
