CVE-2014-8651 — OS Command Injection in Kde-workspace

CWE-264 CWE-78 — OS Command Injection7 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 74.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kde-workspace KDE Plasma-desktop

Timeline

PublishedDec 6

Latest updateMay 17

Description

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDkde/plasma-desktop5.1

▶NVDkde/kde-workspace4.11.13

🔴Vulnerability Details

GHSA

GHSA-qpg7-58m4-m59v: The KDE Clock KCM policykit helper in kde-workspace before 4↗2022-05-17

▶

CVEList

CVE-2014-8651: The KDE Clock KCM policykit helper in kde-workspace before 4↗2014-12-06

▶

OSV

CVE-2014-8651: The KDE Clock KCM policykit helper in kde-workspace before 4↗2014-11-07

▶

📋Vendor Advisories

Ubuntu

KDE workspace vulnerability↗2014-11-11

▶

Red Hat

kde-workspace: arbitrary code execution and local privilege escalation↗2014-11-04

▶

💬Community

Bugzilla

CVE-2014-8651 kde-workspace: arbitrary code execution and local privilege escalation↗2014-11-13

▶