Vulnerability CVE-2014-8651

Vulnerability Name:

CVE-2014-8651 (CCN-99027)

Assigned:

2014-11-17

Published:

2014-11-17

Updated:

2016-12-07

Summary:

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-8651

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-14813

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-14895

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-14865

Source: CCN
Type: KDE Web site
workspace

Source: MLIST
Type: UNKNOWN
[oss-security] 20141104 Privilege Escalation via KDE Clock KCM polkit helper

Source: MLIST
Type: UNKNOWN
[oss-security] 20141106 Re: Privilege Escalation via KDE Clock KCM polkit helper

Source: BID
Type: UNKNOWN
70904

Source: CCN
Type: BID-70904
KDE Workspace Arbitrary Command Execution Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2402-1

Source: CCN
Type: Red Hat Bugzilla Bug 1163778
(CVE-2014-8651) CVE-2014-8651 kde-workspace: arbitrary code execution and local privilege escalation

Source: XF
Type: UNKNOWN
workspace-cve20148651-command-exec(99027)

Source: GENTOO
Type: UNKNOWN
GLSA-201512-12

Source: CCN
Type: KDE Project Security Advisory
kde-workspace, plasma-desktop: privilege escalation

Source: CONFIRM
Type: Vendor Advisory
https://www.kde.org/info/security/advisory-20141106-1.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8651

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:plasma-desktop:*:*:*:*:*:*:*:* (Version <= 5.1)

Configuration 2:

cpe:/a:kde:kde-workspace:*:*:*:*:*:*:*:* (Version <= 4.11.13)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20148651	V	CVE-2014-8651	2022-06-30
oval:org.opensuse.security:def:113146	P	plasma5-desktop-5.8.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:34613	P	Security update for gettext-runtime (Moderate)	2021-12-14
oval:org.opensuse.security:def:33056	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:30157	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:30261	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:106574	P	plasma5-desktop-5.8.4-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:55954	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31279	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:55951	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32999	P	Security update for grilo (Important)	2021-09-09
oval:org.opensuse.security:def:34529	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:34518	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:31258	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:34517	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:35262	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:33951	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:56046	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:30212	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:55913	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:33662	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:56032	P	Security update for spice-gtk (Important)	2021-06-08
oval:org.opensuse.security:def:55188	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:31170	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:34412	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:33894	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:33888	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:33105	P	Security update for zabbix (Moderate)	2021-03-30
oval:org.opensuse.security:def:28959	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:34040	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:55846	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:55289	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:31323	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:55839	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:28926	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:57515	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:54738	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:31219	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:30004	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:34343	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:36010	P	pango-1.26.2-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:57382	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:36051	P	unzip-6.00-11.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:29558	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26906	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32756	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28002	P	Security update for SDL_image (Moderate)	2020-12-01
oval:org.opensuse.security:def:35050	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:33567	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30593	P	Security update for openvpn	2020-12-01
oval:org.opensuse.security:def:27612	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34197	P	Security update for pcsc-lite	2020-12-01
oval:org.opensuse.security:def:28891	P	Security update for dhcpcd (Important)	2020-12-01
oval:org.opensuse.security:def:27476	P	libreadline5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55082	P	ctags on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28054	P	Security update for cyrus-imapd (Important)	2020-12-01
oval:org.opensuse.security:def:56239	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28382	P	Security update for rubygem-activerecord-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26611	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55561	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:29062	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:27478	P	libreoffice-branding-upstream on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29774	P	Security update for glibc	2020-12-01
oval:org.opensuse.security:def:27128	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28719	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:27270	P	powerpc-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30872	P	Security update for expat (Important)	2020-12-01
oval:org.opensuse.security:def:27900	P	Security update for wireshark (Low)	2020-12-01
oval:org.opensuse.security:def:35301	P	Security update for libxslt	2020-12-01
oval:org.opensuse.security:def:57308	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:54508	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27552	P	ruby-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34848	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:55639	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:29101	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27740	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:26326	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:28666	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:26903	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30363	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26714	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32605	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27381	P	cpp48 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34368	P	Security update for tgt	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:30508	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27473	P	libpoppler-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28209	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:54671	P	rpm-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27819	P	Security update for libtasn1	2020-12-01
oval:org.opensuse.security:def:35154	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:56120	P	Security update for libquicktime (Moderate)	2020-12-01
oval:org.opensuse.security:def:29800	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:28370	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:26402	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:27420	P	imlib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33211	P	nagios-nrpe on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29569	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:26987	P	lvm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32843	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28046	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:35090	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:33568	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:30725	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27696	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34255	P	Security update for postgresql91 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27477	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28107	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27058	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54715	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28450	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26668	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30300	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:28116	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26702	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32392	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:29861	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:27279	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27281	P	pyxml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33798	P	Security update for gd	2020-12-01
oval:org.opensuse.security:def:30959	P	Security update for GPG2	2020-12-01
oval:org.opensuse.security:def:27949	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:35328	P	Security update for microcode_ctl (Moderate)	2020-12-01
oval:org.opensuse.security:def:54509	P	lhasa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27680	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:34905	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:55747	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:29118	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27775	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:26327	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:54878	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28723	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26956	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33144	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31001	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29557	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:26778	P	logrotate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32699	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27988	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:30519	P	Security update for GnuTLS	2020-12-01
oval:org.opensuse.security:def:27555	P	rubygem-activemodel-3_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28253	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54909	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27903	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:35213	P	Security update for libgcrypt	2020-12-01
oval:org.opensuse.security:def:56158	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:29836	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:28371	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26530	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55395	P	tar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29013	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27434	P	libasm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33849	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:32380	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29642	P	Security update for CUPS	2020-12-01
oval:org.opensuse.security:def:27044	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28684	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27269	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33579	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:30815	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:27847	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34304	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:27488	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34749	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:55354	P	perl-YAML-LibYAML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28156	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27102	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57589	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:54716	P	DirectFB on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28581	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:26752	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30319	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28151	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:26703	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32470	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:29918	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:27332	P	xorg-x11-libXp-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31961	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:30507	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:27345	P	libldap-openssl1-2_4-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31114	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28195	P	Security update for libdb-4_5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35372	P	Security update for netpbm (Moderate)	2020-12-01
oval:org.opensuse.security:def:54531	P	libXxf86dga1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27762	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34995	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:29162	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:26338	P	Security update for Chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:55116	P	gdm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28807	P	Security update for perl	2020-12-01
oval:org.opensuse.security:def:27005	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33167	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31038	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:80016	P	Security update for kdebase4-workspace (Moderate)	2016-02-01
oval:org.opensuse.security:def:80223	P	Security update for kdebase4-workspace (Moderate)	2016-02-01
oval:org.mitre.oval:def:27860	P	USN-2402-1 -- KDE workspace vulnerability	2014-12-29
oval:com.ubuntu.precise:def:20148651000	V	CVE-2014-8651 on Ubuntu 12.04 LTS (precise) - medium.	2014-12-06
oval:com.ubuntu.trusty:def:20148651000	V	CVE-2014-8651 on Ubuntu 14.04 LTS (trusty) - medium.	2014-12-06

BACK