[email protected]CVE-2014-8651

HistoryDec 06, 2014 - 9:59 p.m.

CVE-2014-8651

2014-12-0621:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-8651

kde

clock

kcm

policykit

local users

privileges

ntputility

ntp utility name

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

Affected configurations

NVD

Node

kdeplasma-desktopRange≤5.1

Node

kdekde-workspaceRange≤4.11.13

CPENameOperatorVersion
kde:plasma-desktopkde plasma-desktople5.1

CPE	Name	Operator	Version
kde:plasma-desktop	kde plasma-desktop	le	5.1

References

lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html

www.openwall.com/lists/oss-security/2014/11/04/9

www.openwall.com/lists/oss-security/2014/11/07/3

www.securityfocus.com/bid/70904

www.ubuntu.com/usn/USN-2402-1

security.gentoo.org/glsa/201512-12

www.kde.org/info/security/advisory-20141106-1.txt

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-8651

securityvulns2 openvas7 nvd1 nessus8 archlinux1 fedora3 cvelist1 prion1 mageia2 freebsd1 ubuntu1 ubuntucve1 gentoo1