Vigil@nce - spice-gtk: privilege escalation via polkit
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use a vulnerability in polkit, used by
spice-gtk, in order to escalate his privileges.
Impacted products: Fedora, RHEL, Unix (platform)
Severity: 2/4
Creation date: 20/09/2013
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-13454 (https://vigilance.fr/tree/1/13454?w=66901)
describes a vulnerability of polkit which allows a local attacker
to elevate his privileges.
The spice-gtk product uses the libgobject API of polkit, so it is
also impacted by this vulnerability.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/spice-gtk-privilege-escalation-via-polkit-13456