oss-sec mailing list archives
Re: CVE-Request: KAuth authentication bypass
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 23 Jul 2014 08:32:07 +0200
On Tue, Jul 22, 2014 at 05:00:06PM -0400, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1https://bugzilla.novell.com/show_bug.cgi?id=864716This was previously discussed in, for example: http://openwall.com/lists/oss-security/2014/04/03/1 but apparently nobody responded to our question then. It would have been useful for your new CVE request to have included a pointer back to the earlier discussion here about exactly the same bugzilla.novell.com bug number. We understand that a patch now exists (one did not exist at the time of the previous discussion). We also understand that org.kde.fontinst.service and org.kde.kcontrol.kcmclock.service have been mentioned as examples of services that can be attacked on systems without the patch. Can you confirm that you are asking for a CVE ID for the KAuth product, not the "PolicyKit Library Qt Bindings" product?
Yes indeed. Its the KDE KAuth code using the wrong kind of subject for authentication.
Should there also be a separate CVE ID for https://bugzilla.novell.com/show_bug.cgi?id=864716#c25 "The deprecated polkit method in polkit-qt5 bindings has been updated to polkit_unix_process_new_for_owner." ?
No, it was a patch proposal for above mentioned bug and it was wrong.
Should there also be a separate CVE ID for https://bugzilla.novell.com/show_bug.cgi?id=864716#c37 "Qt, since 5.3, aborts action if the Q*Application is SUID." ?
Thats up to the Qt developers to request a CVE for this; if its needed. I did not analyze this potential issue as its not related to the KAuth bug in any way. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 21)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)