Summary
Check the version of polkit-qt
Solution
Please Install the Updated Packages.
Insight
Polkit-qt is a library that lets
developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs.
It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033)
All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Affected
polkit-qt on Red Hat Enterprise Linux Server (v. 7)
Detection
Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-5033 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities