Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201512-12
HistoryDec 30, 2015 - 12:00 a.m.

KDE Systemsettings: Privilege escalation

2015-12-3000:00:00
Gentoo Foundation
security.gentoo.org
9

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions.

Description

KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege.

Impact

A local attacker could gain privileges via a crafted ntpUtility (ntp utility name) argument.

Workaround

Add a polkit rule to disable the org.kde.kcontrol.kcmclock.save action.

Resolution

All KDE Systemsettings users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=kde-base/systemsettings-4.11.13-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallkde-base/systemsettings< 4.11.13-r1UNKNOWN

Related

archlinux 1
fedora 3
nessus 7
securityvulns 2
openvas 7
ubuntucve 1
ubuntu 1
mageia 2
freebsd 1
cve 1
prion 1
archlinux
archlinux
kdebase-workspace: local privilege escalation
2014-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: kde-workspace-4.11.14-1.fc19
2014-11-17 06:33:14
[SECURITY] Fedora 20 Update: kde-workspace-4.11.14-1.fc20
2014-11-15 09:09:37
[SECURITY] Fedora 21 Update: kde-workspace-4.11.14-1.fc21
2014-11-16 14:45:28
nessus
nessus
GLSA-201512-12 : KDE Systemsettings: Privilege escalation
2016-01-04 00:00:00
Ubuntu 12.04 LTS : kde-workspace vulnerabilities (USN-2402-1)
2014-11-11 00:00:00
Fedora 20 : kde-workspace-4.11.14-1.fc20 (2014-14813)
2014-11-17 00:00:00
securityvulns
securityvulns
[USN-2402-1] KDE workspace vulnerabilities
2014-12-01 00:00:00
KDE Clock KCM privilege escalation
2014-12-01 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0480)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0303-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-2402-1)
2014-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-8651
2014-11-07 00:00:00
ubuntu
ubuntu
KDE workspace vulnerability
2014-11-11 00:00:00
mageia
mageia
Updated kdebase4-workspace packages fix security vulnerability and various bugs
2014-11-21 16:38:07
Updated kdebase4-workspace packages fix security vulnerability and various bugs
2014-11-14 03:57:44
freebsd
freebsd
kde-workspace -- privilege escalation
2014-11-06 00:00:00
cve
cve
CVE-2014-8651
2014-12-06 21:59:00
prion
prion
Code injection
2014-12-06 21:59:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for GLSA-201512-12
archlinux1fedora3nessus7securityvulns2openvas7ubuntucve1ubuntu1mageia2freebsd1cve1prion1