PublicDateAtUSN: 2014-07-23
Candidate: CVE-2014-5033
PublicDate: 2014-08-19 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
 https://ubuntu.com/security/notices/USN-2304-1
Description:
 KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus
 for communication with a polkit authority, which allows local users to
 bypass intended access restrictions by leveraging a PolkitUnixProcess
 PolkitSubject race condition via a (1) setuid process or (2) pkexec
 process, related to CVE-2013-4288 and "PID reuse race conditions."
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.novell.com/show_bug.cgi?id=864716
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755814
 https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1350019
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_kde4libs:
 upstream: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
upstream_kde4libs: needed
lucid_kde4libs: ignored (reached end-of-life)
precise_kde4libs: released (4:4.8.5-0ubuntu0.4)
trusty_kde4libs: released (4:4.13.2a-0ubuntu0.3)
trusty/esm_kde4libs: released (4:4.13.2a-0ubuntu0.3)
devel_kde4libs: not-affected (4:4.13.95-0ubuntu3)