FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-5033

This CVE name corresponds to:

Entered Topic
2014-07-31 kdelibs -- KAuth PID Reuse Flaw

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-5033
Phase Assigned(20140722)

Description

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

References

Source Reference
CONFIRM http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
CONFIRM http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CONFIRM http://www.kde.org/info/security/advisory-20140730-1.txt
DEBIAN DSA-3004
REDHAT RHSA-2014:1359
SUSE openSUSE-SU-2014:0981
UBUNTU USN-2304-1
SECUNIA 60385
SECUNIA 60633
SECUNIA 60654