privilege escalation in clock kcontrol
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
kde-workspace (Ubuntu) | Invalid | Undecided | Unassigned | |
Precise | Fix Released | Undecided | Unassigned | |
Trusty | Fix Released | Undecided | Unassigned | |
Utopic | Fix Released | Undecided | Unassigned | |
Vivid | Invalid | Undecided | Unassigned | |
Bug Description
KDE Project Security Advisory
=======
Title: kde-workspace: Privilege Escalation via KDE Clock KCM polkit helper
Risk Rating: Medium(?)
CVE: requested. Not been given one yet
Platforms: All
Versions: kde-workspace < 4.14.3
Author: David Edmundson <email address hidden>
Date: 4 November 2014
Overview
========
The KDE workspace configuration module for setting the date and time has a helper program
which runs as root for performing actions. This is secured with polkit.
This helper takes the name of the ntp utility to run as an argument. This allows a hacker
to run any arbitrary command as root under the guise of updating the time.
Impact
======
An application can gain root privileges from an admin user with either misleading information
or no interaction.
On some systems the user will be shown a prompt to change the time. However, if the system has
policykit-
without any prompts.
Workaround
==========
Add a polkit rule to disable the org.kde.
Solution
========
Upgrade kde-desktop to 4.14.3 once released or apply the following patch:
Changed in kde-workspace (Ubuntu Utopic):
status: In Progress → Fix Committed
Changed in kde-workspace (Ubuntu Trusty):
status: In Progress → Fix Committed
information type: Private Security → Public Security
Changed in kde-workspace (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in kde-workspace (Ubuntu Vivid):
status: New → Invalid
to be made public on 6th November
I have a vivid package ready to upload
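
Added example, not part of the advisory or of the KDE patch: the flaw described in the Overview (a root helper that runs whatever utility name the caller passes) shown beside one way to harden it, where the helper chooses the binary itself from a fixed allowlist. The utility names `ntpdate` and `rdate`, the directories, and every function name here are assumptions for illustration.

```cpp
#include <functional>
#include <string>
#include <sys/stat.h>

// Assumed allowlist: the only time-sync utilities the root helper may run.
static const char *const kAllowedUtilities[] = {"ntpdate", "rdate"};
// Assumed root-owned install directories; the caller's PATH is never used.
static const char *const kTrustedDirs[] = {"/usr/sbin", "/usr/bin"};
using TrustCheck = std::function<bool(const std::string &)>;

// Flawed pattern: the caller-supplied string becomes the program run as root.
std::string vulnerableChoice(const std::string &callerArg) { return callerArg; }

// True only for an exact allowlist match, so paths and extra arguments fail.
bool isAllowedName(const std::string &name) {
    for (const char *allowed : kAllowedUtilities)
        if (name == allowed) return true;
    return false;
}

// A candidate must be a regular, root-owned, executable file that group and
// others cannot write to.
bool isTrustedBinary(const std::string &path) {
    struct stat st {};
    if (stat(path.c_str(), &st) != 0) return false;
    return S_ISREG(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & S_IXUSR) && !(st.st_mode & (S_IWGRP | S_IWOTH));
}

// Builds the path inside the helper; returns "" when no trusted copy exists.
std::string findTrusted(const std::string &name, const TrustCheck &trusted) {
    for (const char *dir : kTrustedDirs) {
        std::string path = std::string(dir) + "/" + name;
        if (trusted(path)) return path;
    }
    return std::string();
}

// Hardened choice: the caller's value is at most a preference among the
// allowlisted names and never reaches exec() as supplied.
std::string resolveNtpUtility(const std::string &callerHint,
                              const TrustCheck &trusted = isTrustedBinary) {
    std::string hit =
        isAllowedName(callerHint) ? findTrusted(callerHint, trusted) : std::string();
    for (const char *name : kAllowedUtilities)
        if (hit.empty()) hit = findTrusted(name, trusted);
    return hit;  // empty: nothing trusted is installed, so run nothing
}
```

The `trusted` parameter exists so the selection logic can be exercised without the utilities being installed; a real helper would use the default file check.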