Lucene search

K

[email protected]NVD:CVE-2014-5033

HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-5033

2014-08-1918:55:03

CWE-362

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and “PID reuse race conditions.”

Affected configurations

NVD

Node

debiankde4libsMatch-

OR

canonicalubuntu_linuxMatch12.04-lts

OR

canonicalubuntu_linuxMatch14.04lts

Node

kdekauthRange≤5.0

OR

kdekdelibsRange≤4.13.97

OR

kdekdelibsMatch4.10.0

OR

kdekdelibsMatch4.10.1

OR

kdekdelibsMatch4.10.2

OR

kdekdelibsMatch4.10.3

OR

kdekdelibsMatch4.10.95

OR

kdekdelibsMatch4.10.97

OR

kdekdelibsMatch4.11.0

OR

kdekdelibsMatch4.11.1

OR

kdekdelibsMatch4.11.2

OR

kdekdelibsMatch4.11.3

OR

kdekdelibsMatch4.11.4

OR

kdekdelibsMatch4.11.5

OR

kdekdelibsMatch4.11.80

OR

kdekdelibsMatch4.11.90

OR

kdekdelibsMatch4.11.95

OR

kdekdelibsMatch4.11.97

OR

kdekdelibsMatch4.12.0

OR

kdekdelibsMatch4.12.1

OR

kdekdelibsMatch4.12.2

OR

kdekdelibsMatch4.12.3

OR

kdekdelibsMatch4.12.4

OR

kdekdelibsMatch4.12.5

OR

kdekdelibsMatch4.12.80

OR

kdekdelibsMatch4.12.90

OR

kdekdelibsMatch4.12.95

OR

kdekdelibsMatch4.12.97

OR

kdekdelibsMatch4.13.0

OR

kdekdelibsMatch4.13.1

OR

kdekdelibsMatch4.13.2

OR

kdekdelibsMatch4.13.3

OR

kdekdelibsMatch4.13.80

OR

kdekdelibsMatch4.13.90

OR

kdekdelibsMatch4.13.95

References

lists.opensuse.org/opensuse-updates/2014-08/msg00012.html

quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a

quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23

rhn.redhat.com/errata/RHSA-2014-1359.html

secunia.com/advisories/60385

secunia.com/advisories/60633

secunia.com/advisories/60654

www.debian.org/security/2014/dsa-3004

www.kde.org/info/security/advisory-20140730-1.txt

www.ubuntu.com/usn/USN-2304-1

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2014-5033

prion2 cve2 cvelist2 ubuntucve2 debiancve2 nessus18 openvas86 veracode1 redhat2 fedora72 nvd1 centos2 debian2 oraclelinux1 securityvulns1 ubuntu2 freebsd1