CentOS Update For Polkit-qt CESA-2014:1359 Centos7 Network Vulnerability

Summary

Check the version of polkit-qt

Solution

Please Install the Updated Packages.

Insight

Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

polkit-qt on CentOS 7

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

References

http://lists.centos.org/pipermail/centos-announce/2014-October/020671.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-5033
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Update for polkit-qt CESA-2014:1359 centos7

Take action and discover your vulnerabilities