ID de Prueba:	1.3.6.1.4.1.25623.1.0.882051
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for polkit-qt CESA-2014:1359 centos7
Resumen:	Check the version of polkit-qt
Descripción:	Summary: Check the version of polkit-qt Vulnerability Insight: Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: polkit-qt on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5033 Debian Security Information: DSA-3004 (Google Search) http://www.debian.org/security/2014/dsa-3004 RedHat Security Advisories: RHSA-2014:1359 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://secunia.com/advisories/60385 http://secunia.com/advisories/60633 http://secunia.com/advisories/60654 SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html http://www.ubuntu.com/usn/USN-2304-1
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.