Vulnerability CVE-2014-5033


Published: 2014-08-19

Description:
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

Type: CWE-362

Vendor: KDE
Product: Kauth
Version: 5.0
Product: Kdelibs
Version: 4.13.97; 4.13.95; 4.13.90; 4.13.80; 4.13.3; 4.13.2; 4.13.1; 4.13.0; 4.12.97; 4.12.95; 4.12.90; 4.12.80; 4.12.5; 4.12.4; 4.12.3; 4.12.2; 4.12.1; 4.12.0; 4.11.97; 4.11.95; 4.11.90; 4.11.80; 4.11.5; 4.11.4; 4.11.3; 4.11.2; 4.11.1; 4.11.0; 4.10.97; 4.10.95; 4.10.3; 4.10.2; 4.10.1; 4.10.0
Vendor: Canonical
Product: Ubuntu Linux
Version: 14.04; 12.04
Vendor: Debian
Product: Kde4libs

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
http://www.ubuntu.com/usn/USN-2304-1
http://www.kde.org/info/security/advisory-20140730-1.txt
http://www.debian.org/security/2014/dsa-3004
http://secunia.com/advisories/60654
http://secunia.com/advisories/60633
http://secunia.com/advisories/60385
http://rhn.redhat.com/errata/RHSA-2014-1359.html
http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html


Copyright 2019, cxsecurity.com