Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871256
Category:Red Hat Local Security Checks
Title:RedHat Update for polkit-qt RHSA-2014:1359-01
Summary:The remote host is missing an update for the 'polkit-qt'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'polkit-qt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Polkit-qt is a library that lets
developers use the PolicyKit API through a Qt-styled API. The polkit-qt
library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.

It was found that polkit-qt handled authorization requests with PolicyKit
via a D-Bus API that is vulnerable to a race condition. A local user could
use this flaw to bypass intended PolicyKit authorizations. This update
modifies polkit-qt to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2014-5033)

All polkit-qt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
polkit-qt on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-5033
Debian Security Information: DSA-3004 (Google Search)
http://www.debian.org/security/2014/dsa-3004
RedHat Security Advisories: RHSA-2014:1359
http://rhn.redhat.com/errata/RHSA-2014-1359.html
http://secunia.com/advisories/60385
http://secunia.com/advisories/60633
http://secunia.com/advisories/60654
SuSE Security Announcement: openSUSE-SU-2014:0981 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
http://www.ubuntu.com/usn/USN-2304-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.