Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2014-5033
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions.".
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.9/10
- Exploit Score
- 3.4/10
- Access Vector
- Local
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594
- http://www.ubuntu.com/usn/USN-2304-1
- http://www.debian.org/security/2014/dsa-3004
- http://secunia.com/advisories/60654
- http://secunia.com/advisories/60633
- http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
- http://secunia.com/advisories/60385
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
- http://www.kde.org/info/security/advisory-20140730-1.txt
- http://rhn.redhat.com/errata/RHSA-2014-1359.html