https://bugzilla.novell.com/show_bug.cgi?id=864716

https://bugzilla.novell.com/show_bug.cgi?id=864716#c41

--- Comment #41 from Sebastian Krahmer <krahmer@suse.com> 2014-07-16 13:33:16 UTC ---

Two examples of vulnerable KDE services are:

/usr/share/dbus-1/system-services/org.kde.fontinst.service

or

/usr/share/dbus-1/system-services/org.kde.kcontrol.kcmclock.service

which can be DBus-activated by users to run as root and which use KAuth to check whether this user would be allowed to do that action. This check can be bypassed since process-subject, as used by KAuth, is racy.

Please refer to CVE-2013-4288 and the followups CVE-2013-4311, CVE-2013-4324, CVE-2013-4325, CVE-2013-4326 and CVE-2013-4327 which all fix exactly the same issue.