Detections
Analytics
FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)
medium Nessus Plugin ID 76951
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Martin Sandsmark reports :The KAuth framework uses polkit-1 API which tries to authenticate using the requestors PID. This is prone to PID reuse race conditions.
This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions.
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 76951
File Name: freebsd_pkg_2f90556f18c611e49cc45453ed2e2b49.nasl
Version: 1.6
Type: local
Family: FreeBSD Local Security Checks
Published: 8/1/2014
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:kdelibs, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 7/31/2014
Vulnerability Publication Date: 7/30/2014
Reference Information
CVE: CVE-2014-5033