CVE-2015-3643 – usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2015-3643

usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. usb-creator en versiones anteriores a 0.2.38.3ubuntu0.1 en Ubuntu 12.04 LTS, en versiones anteriores a 0.2.56.3ubuntu0.1 en Ubuntu 14.04 LTS, en versiones anteriores a 0.2.62ubuntu0.3 en Ubuntu 14.10 y en versiones anteriores a 0.2.67ubuntu0.1 en Ubuntu 15.04 permite que los usuarios locales obtengan privilegios aprovechando que el método KVMTest se olvida de llamar a la función check_polkit. • https://www.exploit-db.com/exploits/36820 http://www.openwall.com/lists/oss-security/2015/04/22/12 http://www.openwall.com/lists/oss-security/2015/05/04/3 http://www.securityfocus.com/bid/74304 https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470 https://usn.ubuntu.com/usn/usn-2576-1 https://usn.ubuntu.com/usn/usn-2576-2 • CWE-264: Permissions, Privileges, and Access Controls •