CVE-2014-5033
Summary
| CVE | CVE-2014-5033 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-08-19 18:55:00 UTC |
| Updated | 2014-10-16 07:22:00 UTC |
| Description | KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Application | Debian | Kde4libs | - | All | All | All |
| Application | Debian | Kde4libs | - | All | All | All |
| Application | Kde | Kauth | All | All | All | All |
| Application | Kde | Kdelibs | 4.10.0 | All | All | All |
| Application | Kde | Kdelibs | 4.10.1 | All | All | All |
| Application | Kde | Kdelibs | 4.10.2 | All | All | All |
| Application | Kde | Kdelibs | 4.10.3 | All | All | All |
| Application | Kde | Kdelibs | 4.10.95 | All | All | All |
| Application | Kde | Kdelibs | 4.10.97 | All | All | All |
| Application | Kde | Kdelibs | 4.11.0 | All | All | All |
| Application | Kde | Kdelibs | 4.11.1 | All | All | All |
| Application | Kde | Kdelibs | 4.11.2 | All | All | All |
| Application | Kde | Kdelibs | 4.11.3 | All | All | All |
| Application | Kde | Kdelibs | 4.11.4 | All | All | All |
| Application | Kde | Kdelibs | 4.11.5 | All | All | All |
| Application | Kde | Kdelibs | 4.11.80 | All | All | All |
| Application | Kde | Kdelibs | 4.11.90 | All | All | All |
| Application | Kde | Kdelibs | 4.11.95 | All | All | All |
| Application | Kde | Kdelibs | 4.11.97 | All | All | All |
| Application | Kde | Kdelibs | 4.12.0 | All | All | All |
| Application | Kde | Kdelibs | 4.12.1 | All | All | All |
| Application | Kde | Kdelibs | 4.12.2 | All | All | All |
| Application | Kde | Kdelibs | 4.12.3 | All | All | All |
| Application | Kde | Kdelibs | 4.12.4 | All | All | All |
| Application | Kde | Kdelibs | 4.12.5 | All | All | All |
| Application | Kde | Kdelibs | 4.12.80 | All | All | All |
| Application | Kde | Kdelibs | 4.12.90 | All | All | All |
| Application | Kde | Kdelibs | 4.12.95 | All | All | All |
| Application | Kde | Kdelibs | 4.12.97 | All | All | All |
| Application | Kde | Kdelibs | 4.13.0 | All | All | All |
| Application | Kde | Kdelibs | 4.13.1 | All | All | All |
| Application | Kde | Kdelibs | 4.13.2 | All | All | All |
| Application | Kde | Kdelibs | 4.13.3 | All | All | All |
| Application | Kde | Kdelibs | 4.13.80 | All | All | All |
| Application | Kde | Kdelibs | 4.13.90 | All | All | All |
| Application | Kde | Kdelibs | 4.13.95 | All | All | All |
| Application | Kde | Kdelibs | 4.10.0 | All | All | All |
| Application | Kde | Kdelibs | 4.10.1 | All | All | All |
| Application | Kde | Kdelibs | 4.10.2 | All | All | All |
| Application | Kde | Kdelibs | 4.10.3 | All | All | All |
| Application | Kde | Kdelibs | 4.10.95 | All | All | All |
| Application | Kde | Kdelibs | 4.10.97 | All | All | All |
| Application | Kde | Kdelibs | 4.11.0 | All | All | All |
| Application | Kde | Kdelibs | 4.11.1 | All | All | All |
| Application | Kde | Kdelibs | 4.11.2 | All | All | All |
| Application | Kde | Kdelibs | 4.11.3 | All | All | All |
| Application | Kde | Kdelibs | 4.11.4 | All | All | All |
| Application | Kde | Kdelibs | 4.11.5 | All | All | All |
| Application | Kde | Kdelibs | 4.11.80 | All | All | All |
| Application | Kde | Kdelibs | 4.11.90 | All | All | All |
| Application | Kde | Kdelibs | 4.11.95 | All | All | All |
| Application | Kde | Kdelibs | 4.11.97 | All | All | All |
| Application | Kde | Kdelibs | 4.12.0 | All | All | All |
| Application | Kde | Kdelibs | 4.12.1 | All | All | All |
| Application | Kde | Kdelibs | 4.12.2 | All | All | All |
| Application | Kde | Kdelibs | 4.12.3 | All | All | All |
| Application | Kde | Kdelibs | 4.12.4 | All | All | All |
| Application | Kde | Kdelibs | 4.12.5 | All | All | All |
| Application | Kde | Kdelibs | 4.12.80 | All | All | All |
| Application | Kde | Kdelibs | 4.12.90 | All | All | All |
| Application | Kde | Kdelibs | 4.12.95 | All | All | All |
| Application | Kde | Kdelibs | 4.12.97 | All | All | All |
| Application | Kde | Kdelibs | 4.13.0 | All | All | All |
| Application | Kde | Kdelibs | 4.13.1 | All | All | All |
| Application | Kde | Kdelibs | 4.13.2 | All | All | All |
| Application | Kde | Kdelibs | 4.13.3 | All | All | All |
| Application | Kde | Kdelibs | 4.13.80 | All | All | All |
| Application | Kde | Kdelibs | 4.13.90 | All | All | All |
| Application | Kde | Kdelibs | 4.13.95 | All | All | All |
| Application | Kde | Kdelibs | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-3004-1 kde4libs | DEBIAN | www.debian.org | |
| www.kde.org/info/security/advisory-20140730-1.txt | CONFIRM | www.kde.org | Vendor Advisory |
| quickgit.kde.org | CONFIRM | quickgit.kde.org | Exploit, Patch |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| quickgit.kde.org | CONFIRM | quickgit.kde.org | |
| USN-2304-1: KDE-Libs vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| openSUSE-SU-2014:0981-1: moderate: kdelibs4: update to fix a DBUS / Poli | SUSE | lists.opensuse.org | |
| Security Advisory SA60654 - Ubuntu update for kde4libs - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.