[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-5033Date: (C)2014-08-22   (M)2023-12-22


KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-60385
SECUNIA-60633
SECUNIA-60654
DSA-3004
RHSA-2014:1359
USN-2304-1
http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
http://www.kde.org/info/security/advisory-20140730-1.txt
openSUSE-SU-2014:0981

CPE    37
cpe:/a:debian:kde4libs:-
cpe:/a:kde:kdelibs:4.10.0
cpe:/a:kde:kdelibs:4.11.95
cpe:/a:kde:kdelibs:4.10.3
...
CWE    1
CWE-362
OVAL    134
oval:org.secpod.oval:def:107553
oval:org.secpod.oval:def:107795
oval:org.secpod.oval:def:107675
oval:org.secpod.oval:def:107797
...

© SecPod Technologies