CVE-2014-5033

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-5033
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23 Exploit Patch
http://rhn.redhat.com/errata/RHSA-2014-1359.html
http://secunia.com/advisories/60385
http://secunia.com/advisories/60633
http://secunia.com/advisories/60654
http://www.debian.org/security/2014/dsa-3004
http://www.kde.org/info/security/advisory-20140730-1.txt Vendor Advisory
http://www.ubuntu.com/usn/USN-2304-1
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-08-19 18:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-5033

Mitre link : CVE-2014-5033

CVE.ORG link : CVE-2014-5033

JSON object : View

Products Affected

canonical

  • ubuntu_linux

kde

  • kdelibs
  • kauth

debian

  • kde4libs
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024