KDE kdelibs prior to 4.14 and kauth prior to 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 14.04 |
||
debian kde4libs - |
||
canonical ubuntu linux 12.04 |
||
kde kdelibs 4.12.95 |
||
kde kdelibs 4.12.90 |
||
kde kdelibs 4.11.97 |
||
kde kdelibs 4.11.95 |
||
kde kdelibs 4.11.1 |
||
kde kdelibs 4.11.0 |
||
kde kdelibs |
||
kde kdelibs 4.13.95 |
||
kde kauth |
||
kde kdelibs 4.13.3 |
||
kde kdelibs 4.12.80 |
||
kde kdelibs 4.12.5 |
||
kde kdelibs 4.11.90 |
||
kde kdelibs 4.11.80 |
||
kde kdelibs 4.10.97 |
||
kde kdelibs 4.10.95 |
||
kde kdelibs 4.13.90 |
||
kde kdelibs 4.13.80 |
||
kde kdelibs 4.13.0 |
||
kde kdelibs 4.12.97 |
||
kde kdelibs 4.12.2 |
||
kde kdelibs 4.12.1 |
||
kde kdelibs 4.12.0 |
||
kde kdelibs 4.11.3 |
||
kde kdelibs 4.11.2 |
||
kde kdelibs 4.10.1 |
||
kde kdelibs 4.10.0 |
||
kde kdelibs 4.13.2 |
||
kde kdelibs 4.13.1 |
||
kde kdelibs 4.12.4 |
||
kde kdelibs 4.12.3 |
||
kde kdelibs 4.11.5 |
||
kde kdelibs 4.11.4 |
||
kde kdelibs 4.10.3 |
||
kde kdelibs 4.10.2 |