1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
PublicDateAtUSN: 2014-07-23
Candidate: CVE-2014-5033
PublicDate: 2014-08-19
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
http://www.ubuntu.com/usn/usn-2304-1
Description:
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus
for communication with a polkit authority, which allows local users to
bypass intended access restrictions by leveraging a PolkitUnixProcess
PolkitSubject race condition via a (1) setuid process or (2) pkexec
process, related to CVE-2013-4288 and "PID reuse race conditions."
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.novell.com/show_bug.cgi?id=864716
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755814
https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1350019
Priority: medium
Discovered-by:
Assigned-to:
Patches_kde4libs:
upstream: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
upstream_kde4libs: needed
lucid_kde4libs: ignored (reached end-of-life)
precise_kde4libs: released (4:4.8.5-0ubuntu0.4)
trusty_kde4libs: released (4:4.13.2a-0ubuntu0.3)
devel_kde4libs: not-affected (4:4.13.95-0ubuntu3)
|