Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD2F90556F-18C6-11E4-9CC4-5453ED2E2B49
HistoryJul 30, 2014 - 12:00 a.m.

kdelibs -- KAuth PID Reuse Flaw

2014-07-3000:00:00
vuxml.freebsd.org
12

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Martin Sandsmark reports:

The KAuth framework uses polkit-1 API which tries to authenticate
using the requestors PID. This is prone to PID reuse race
conditions.
This potentially allows a malicious application to pose as another
for authentication purposes when executing privileged actions.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchkdelibs< 4.12.5_3UNKNOWN

Related

fedora 97
openvas 87
debian 2
nessus 8
redhat 1
oraclelinux 1
securityvulns 1
centos 1
ubuntu 1
fedora
fedora
[SECURITY] Fedora 20 Update: rocs-4.14.1-1.fc20
2014-09-27 09:47:51
[SECURITY] Fedora 20 Update: polkit-qt-0.112.0-1.fc20
2014-09-19 10:18:49
[SECURITY] Fedora 20 Update: kdegraphics-thumbnailers-4.14.1-1.fc20
2014-09-27 09:47:46
openvas
openvas
Debian Security Advisory DSA 3004-1 (kde4libs - security update)
2014-08-11 00:00:00
Fedora Update for konsole FEDORA-2014-11448
2014-10-01 00:00:00
Fedora Update for marble FEDORA-2014-11448
2014-10-01 00:00:00
debian
debian
[SECURITY] [DLA 76-1] kde4libs security update
2014-10-24 11:13:35
[SECURITY] [DSA 3004-1] kde4libs security update
2014-08-10 22:34:33
nessus
nessus
Fedora 20 : akonadi-1.13.0-2.fc20 / amor-4.14.1-1.fc20 / analitza-4.14.1-1.fc20 / ark-4.14.1-1.fc20 / etc (2014-11448)
2014-09-29 00:00:00
Fedora 20 : polkit-qt-0.112.0-1.fc20 (2014-9641)
2014-09-22 00:00:00
openSUSE Security Update : kdelibs4 (openSUSE-SU-2014:0981-1)
2014-08-12 00:00:00
redhat
redhat
(RHSA-2014:1359) Important: polkit-qt security update
2014-10-06 00:00:00
oraclelinux
oraclelinux
polkit-qt security update
2014-10-06 00:00:00
securityvulns
securityvulns
KDE restrictions bypass
2014-08-04 00:00:00
centos
centos
polkit security update
2014-10-06 18:04:24
ubuntu
ubuntu
KDE-Libs vulnerability
2014-07-31 00:00:00

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for 2F90556F-18C6-11E4-9CC4-5453ED2E2B49
fedora97openvas87debian2nessus8redhat1oraclelinux1securityvulns1centos1ubuntu1