oss-sec mailing list archives
Re: Privilege Escalation via KDE Clock KCM polkit helper
From: cve-assign () mitre org
Date: Thu, 6 Nov 2014 20:05:31 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
a security issue in KDE which under Ubuntu and some other distros allows a program to run arbitrary processes as root from an admin user without any prompts. kde-workspace < 4.14.3 KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. This is secured with polkit. This helper takes the name of the ntp utility to run as an argument. This allows a hacker to run any arbitrary command as root under the guise of updating the time. https://git.reviewboard.kde.org/r/120977/
Do not pass ntpUtility as an argument to datetime helper Passing the name of a binary to run to a polkit helper is a security risk as it allows any arbitrary process to be executed.
Use CVE-2014-8651. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUXBpEAAoJEKllVAevmvms8tkH/24xRCKqs7+chaachMPh198W 5kPxM6u/LnF8kT+9iSxO5BcotC9EtpcqR7INhP8+aE3UC/6sTyMqY0UQ0+Dq1sSF 0qcD9MV/70cxi/ty01hqWKLTn8rzdRmm88g+tgbDKCbjH48BpQRmMdNLJhL9InhJ FR7KHqEr7KYMTq0l9eNcLNNbkq8yt8QeaSz2O4dqsnnn9yjFAUR0n+jAN9toDyTr gi4pMYQUIuViQMamtwZuo8WXZf/badIEkC1QESDbkjKqPttC4/qJL2F4HY6usdZa PiL7PmS8zrI5wpGg+UQhgf6Svkgbu5PDPwwvLADx1/CYXe1neOnxjhjj9vwkZQ8= =edpr -----END PGP SIGNATURE-----
Current thread:
- Privilege Escalation via KDE Clock KCM polkit helper David Edmundson (Nov 04)
- Re: Privilege Escalation via KDE Clock KCM polkit helper cve-assign (Nov 06)