oss-sec mailing list archives
CVE-Request: KAuth authentication bypass
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 21 Jul 2014 10:17:31 +0200
Hi We'd like to request a CVE for the following issue: The polkit authentication backend in KDE's KAuth code used the UnixProcess subject for authenticating actions. This is subject to race conditions and allows local users to elevate their privileges by bypassing any of the KAuth checks. A followup of CVE-2013-4288. Discussion and patch can be found here: https://bugzilla.novell.com/show_bug.cgi?id=864716 Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 21)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)