Re: Privilege Escalation via KDE Clock KCM polkit helper

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> a security issue in KDE which under Ubuntu and some other distros
> allows a program to run arbitrary processes as root from an admin user
> without any prompts.
>
> kde-workspace < 4.14.3
>
> KDE workspace configuration module for setting the date and time has a
> helper program which runs as root for performing actions. This is
> secured with polkit.
>
> This helper takes the name of the ntp utility to run as an argument.
> This allows a hacker to run any arbitrary command as root under the
> guise of updating the time.
>
> https://git.reviewboard.kde.org/r/120977/

> Do not pass ntpUtility as an argument to datetime helper
>  
> Passing the name of a binary to run to a polkit helper is a security
> risk as it allows any arbitrary process to be executed.

Use CVE-2014-8651.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUXBpEAAoJEKllVAevmvms8tkH/24xRCKqs7+chaachMPh198W
5kPxM6u/LnF8kT+9iSxO5BcotC9EtpcqR7INhP8+aE3UC/6sTyMqY0UQ0+Dq1sSF
0qcD9MV/70cxi/ty01hqWKLTn8rzdRmm88g+tgbDKCbjH48BpQRmMdNLJhL9InhJ
FR7KHqEr7KYMTq0l9eNcLNNbkq8yt8QeaSz2O4dqsnnn9yjFAUR0n+jAN9toDyTr
gi4pMYQUIuViQMamtwZuo8WXZf/badIEkC1QESDbkjKqPttC4/qJL2F4HY6usdZa
PiL7PmS8zrI5wpGg+UQhgf6Svkgbu5PDPwwvLADx1/CYXe1neOnxjhjj9vwkZQ8=
=edpr
-----END PGP SIGNATURE-----