CVE-2014-5033
19.08.2014, 18:55
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
| Vendor | Product | Version |
|---|---|---|
| debian | kde4libs | - |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| kde | kauth | 𝑥 ≤ 5.0 |
| kde | kdelibs | 𝑥 ≤ 4.13.97 |
| kde | kdelibs | 4.10.0 |
| kde | kdelibs | 4.10.1 |
| kde | kdelibs | 4.10.2 |
| kde | kdelibs | 4.10.3 |
| kde | kdelibs | 4.10.95 |
| kde | kdelibs | 4.10.97 |
| kde | kdelibs | 4.11.0 |
| kde | kdelibs | 4.11.1 |
| kde | kdelibs | 4.11.2 |
| kde | kdelibs | 4.11.3 |
| kde | kdelibs | 4.11.4 |
| kde | kdelibs | 4.11.5 |
| kde | kdelibs | 4.11.80 |
| kde | kdelibs | 4.11.90 |
| kde | kdelibs | 4.11.95 |
| kde | kdelibs | 4.11.97 |
| kde | kdelibs | 4.12.0 |
| kde | kdelibs | 4.12.1 |
| kde | kdelibs | 4.12.2 |
| kde | kdelibs | 4.12.3 |
| kde | kdelibs | 4.12.4 |
| kde | kdelibs | 4.12.5 |
| kde | kdelibs | 4.12.80 |
| kde | kdelibs | 4.12.90 |
| kde | kdelibs | 4.12.95 |
| kde | kdelibs | 4.12.97 |
| kde | kdelibs | 4.13.0 |
| kde | kdelibs | 4.13.1 |
| kde | kdelibs | 4.13.2 |
| kde | kdelibs | 4.13.3 |
| kde | kdelibs | 4.13.80 |
| kde | kdelibs | 4.13.90 |
| kde | kdelibs | 4.13.95 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References