FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdelibs -- KAuth PID Reuse Flaw

Affected packages
kdelibs < 4.12.5_3

Details

VuXML ID 2f90556f-18c6-11e4-9cc4-5453ed2e2b49
Discovery 2014-07-30
Entry 2014-07-31

Martin Sandsmark reports:

The KAuth framework uses the polkit-1 API, which tries to authenticate using the requestor's PID. This is prone to PID reuse race conditions.

This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions.

References

CVE Name CVE-2014-5033
Message http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2