Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDDAFA13A8-6E9B-11E4-8EF7-5453ED2E2B49
HistoryNov 06, 2014 - 12:00 a.m.

kde-workspace -- privilege escalation

2014-11-0600:00:00
vuxml.freebsd.org
3

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

David Edmundson reports:

KDE workspace configuration module for setting the date and time
has a helper program which runs as root for performing actions.
This is secured with polkit.
This helper takes the name of the ntp utility to run as an
argument. This allows a hacker to run any arbitrary command as root
under the guise of updating the time.
An application can gain root priveledges from an admin user with
either misleading information or no interaction.
On some systems the user will be shown a prompt to change the
time. However, if the system has policykit-desktop-privileges
installed, the datetime helper will be invoked by an admin user
without any prompts.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchkde-workspace< 4.11.13_1UNKNOWN

Related

archlinux 1
fedora 3
nessus 7
securityvulns 2
openvas 7
ubuntucve 1
mageia 2
gentoo 1
ubuntu 1
cve 1
prion 1
archlinux
archlinux
kdebase-workspace: local privilege escalation
2014-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: kde-workspace-4.11.14-1.fc19
2014-11-17 06:33:14
[SECURITY] Fedora 20 Update: kde-workspace-4.11.14-1.fc20
2014-11-15 09:09:37
[SECURITY] Fedora 21 Update: kde-workspace-4.11.14-1.fc21
2014-11-16 14:45:28
nessus
nessus
GLSA-201512-12 : KDE Systemsettings: Privilege escalation
2016-01-04 00:00:00
Ubuntu 12.04 LTS : kde-workspace vulnerabilities (USN-2402-1)
2014-11-11 00:00:00
Fedora 20 : kde-workspace-4.11.14-1.fc20 (2014-14813)
2014-11-17 00:00:00
securityvulns
securityvulns
[USN-2402-1] KDE workspace vulnerabilities
2014-12-01 00:00:00
KDE Clock KCM privilege escalation
2014-12-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:0303-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2014-0480)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-2402-1)
2014-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-8651
2014-11-07 00:00:00
mageia
mageia
Updated kdebase4-workspace packages fix security vulnerability and various bugs
2014-11-21 16:38:07
Updated kdebase4-workspace packages fix security vulnerability and various bugs
2014-11-14 03:57:44
gentoo
gentoo
KDE Systemsettings: Privilege escalation
2015-12-30 00:00:00
ubuntu
ubuntu
KDE workspace vulnerability
2014-11-11 00:00:00
cve
cve
CVE-2014-8651
2014-12-06 21:59:00
prion
prion
Code injection
2014-12-06 21:59:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for DAFA13A8-6E9B-11E4-8EF7-5453ED2E2B49
archlinux1fedora3nessus7securityvulns2openvas7ubuntucve1mageia2gentoo1ubuntu1cve1prion1