Vulnerability Details CVE-2014-8651
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html
- http://www.openwall.com/lists/oss-security/2014/11/04/9
- http://www.openwall.com/lists/oss-security/2014/11/07/3
- http://www.securityfocus.com/bid/70904
- http://www.ubuntu.com/usn/USN-2402-1
- https://security.gentoo.org/glsa/201512-12
- https://www.kde.org/info/security/advisory-20141106-1.txt
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html
- http://www.openwall.com/lists/oss-security/2014/11/04/9
- http://www.openwall.com/lists/oss-security/2014/11/07/3
- http://www.securityfocus.com/bid/70904
- http://www.ubuntu.com/usn/USN-2402-1
- https://security.gentoo.org/glsa/201512-12
- https://www.kde.org/info/security/advisory-20141106-1.txt
Products affected by CVE-2014-8651
-
cpe:2.3:a:kde:kde-workspace:4.10.5
-
cpe:2.3:a:kde:kde-workspace:4.11.13
-
cpe:2.3:a:kde:kde-workspace:4.2.0
-
cpe:2.3:a:kde:plasma-desktop:5.1