Lucene search

[email protected]CVE-2014-8651

HistoryDec 06, 2014 - 9:59 p.m.

CVE-2014-8651

2014-12-0621:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-8651

kde

clock

kcm

policykit

local users

privileges

ntputility

ntp utility name

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

CPENameOperatorVersion
kde:plasma-desktopkde plasma-desktople5.1
kde:kde-workspacekde kde-workspacele4.11.13

CPE	Name	Operator	Version
kde:plasma-desktop	kde plasma-desktop	le	5.1
kde:kde-workspace	kde kde-workspace	le	4.11.13

References

lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html

www.openwall.com/lists/oss-security/2014/11/04/9

www.openwall.com/lists/oss-security/2014/11/07/3

www.securityfocus.com/bid/70904

www.ubuntu.com/usn/USN-2402-1

security.gentoo.org/glsa/201512-12

www.kde.org/info/security/advisory-20141106-1.txt

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2014-8651

archlinux1 fedora3 nessus7 securityvulns2 openvas7 prion1 mageia2 ubuntucve1 gentoo1 ubuntu1 freebsd1