Home

CVE-2014-5033

Description

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and PID reuse race conditions.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.034

Associated Vulnerability

VulnerabilityOS Platform
KDE 4 core applications and libraries (USN-2304-1) kdelibs5-plugins_4.13.0-0ubuntu1_i386.debLinux
KDE 4 core applications and libraries (USN-2304-1) kdelibs5-plugins_4.13.0-0ubuntu1_amd64.debLinux
Polkit-qt security update (CESA-2014:1359) polkit-qt-0.103.0-10.el7_0.i686.rpmLinux
Polkit-qt security update (CESA-2014:1359) polkit-qt-0.103.0-10.el7_0.x86_64.rpmLinux
Polkit-qt security update (CESA-2014:1359) polkit-qt-doc-0.103.0-10.el7_0.noarch.rpmLinux
Polkit-qt security update (CESA-2014:1359) polkit-qt-devel-0.103.0-10.el7_0.i686.rpmLinux
Polkit-qt security update (CESA-2014:1359) polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpmLinux
(RHSA-2014:1359) Important: polkit-qt security update polkit-qt-0.103.0-10.el7_0.i686.rpmLinux
(RHSA-2014:1359) Important: polkit-qt security update polkit-qt-0.103.0-10.el7_0.x86_64.rpmLinux
(RHSA-2014:1359) Important: polkit-qt security update polkit-qt-devel-0.103.0-10.el7_0.i686.rpmLinux
(RHSA-2014:1359) Important: polkit-qt security update polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpmLinux
(RHSA-2014:1359) Important: polkit-qt security update polkit-qt-doc-0.103.0-10.el7_0.noarch.rpmLinux
Polkit-qt update (ELSA-2014-1359) polkit-qt-0.103.0-10.el7_0.x86_64.rpmLinux
Polkit-qt-devel update (ELSA-2014-1359) polkit-qt-devel-0.103.0-10.el7_0.x86_64.rpmLinux
Polkit-qt-doc update (ELSA-2014-1359) polkit-qt-doc-0.103.0-10.el7_0.noarch.rpmLinux
Polkit-qt update (ELSA-2014-1359) polkit-qt-0.103.0-10.el7_0.i686.rpmLinux
Polkit-qt-devel update (ELSA-2014-1359) polkit-qt-devel-0.103.0-10.el7_0.i686.rpmLinux
(RHSA-2014:1359)Important: security update polkit-qt-debuginfo-0.103.0-10.el7_0.i686.rpmLinux
(RHSA-2014:1359)Important: security update polkit-qt-debuginfo-0.103.0-10.el7_0.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234