Candidate: CVE-2015-3643
PublicDate: 2017-09-28 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3643
 http://www.openwall.com/lists/oss-security/2015/05/04/3
 https://ubuntu.com/security/notices/USN-2576-1
 https://ubuntu.com/security/notices/USN-2576-2
Description:
 usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before
 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu
 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to
 gain privileges by leveraging a missing call check_polkit for the KVMTest
 method.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/usb-creator/+bug/1447396
Priority: medium
Discovered-by: Tavis Ormandy
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_usb-creator:
upstream_usb-creator: released
precise_usb-creator: released (0.2.38.3ubuntu0.1)
trusty_usb-creator: released (0.2.56.3ubuntu0.1)
trusty/esm_usb-creator: DNE (trusty was released [0.2.56.3ubuntu0.1])
utopic_usb-creator: released (0.2.62ubuntu0.3)
vivid_usb-creator: released (0.2.67ubuntu0.1)
devel_usb-creator: not-affected