CVE-2014-5033

Published: 19/08/2014 Updated: 16/10/2014
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

KDE kdelibs prior to 4.14 and kauth prior to 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

Vulnerable Product

canonical ubuntu linux 14.04

debian kde4libs -

canonical ubuntu linux 12.04

kde kdelibs 4.12.95

kde kdelibs 4.12.90

kde kdelibs 4.11.97

kde kdelibs 4.11.95

kde kdelibs 4.11.1

kde kdelibs 4.11.0

kde kdelibs

kde kdelibs 4.13.95

kde kauth

kde kdelibs 4.13.3

kde kdelibs 4.12.80

kde kdelibs 4.12.5

kde kdelibs 4.11.90

kde kdelibs 4.11.80

kde kdelibs 4.10.97

kde kdelibs 4.10.95

kde kdelibs 4.13.90

kde kdelibs 4.13.80

kde kdelibs 4.13.0

kde kdelibs 4.12.97

kde kdelibs 4.12.2

kde kdelibs 4.12.1

kde kdelibs 4.12.0

kde kdelibs 4.11.3

kde kdelibs 4.11.2

kde kdelibs 4.10.1

kde kdelibs 4.10.0

kde kdelibs 4.13.2

kde kdelibs 4.13.1

kde kdelibs 4.12.4

kde kdelibs 4.12.3

kde kdelibs 4.11.5

kde kdelibs 4.11.4

kde kdelibs 4.10.3

kde kdelibs 4.10.2

Vendor Advisories

Debian Bug report logs - #755814: kde4libs: CVE-2014-5033. Package: kde4libs; Maintainer for kde4libs is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Wed, 23 Jul 2014 14:21:12 UTC; Severity: grave; Tags: security; Fixed in versions kde4libs/4:4 ...

kauth could be tricked into bypassing polkit authorizations ...

Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation. For the stable distribution (wheezy), this problem has been fixed in version 4:484-4+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 4:4133-2. For the unstable distribut ...