First published: Tue Aug 19 2014
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Kde4libs | | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
KDE KAuth | <=5.0 | |
KDE kdelibs | <=4.13.97 | |
KDE kdelibs | =4.10.0 | |
KDE kdelibs | =4.10.1 | |
KDE kdelibs | =4.10.2 | |
KDE kdelibs | =4.10.3 | |
KDE kdelibs | =4.10.95 | |
KDE kdelibs | =4.10.97 | |
KDE kdelibs | =4.11.0 | |
KDE kdelibs | =4.11.1 | |
KDE kdelibs | =4.11.2 | |
KDE kdelibs | =4.11.3 | |
KDE kdelibs | =4.11.4 | |
KDE kdelibs | =4.11.5 | |
KDE kdelibs | =4.11.80 | |
KDE kdelibs | =4.11.90 | |
KDE kdelibs | =4.11.95 | |
KDE kdelibs | =4.11.97 | |
KDE kdelibs | =4.12.0 | |
KDE kdelibs | =4.12.1 | |
KDE kdelibs | =4.12.2 | |
KDE kdelibs | =4.12.3 | |
KDE kdelibs | =4.12.4 | |
KDE kdelibs | =4.12.5 | |
KDE kdelibs | =4.12.80 | |
KDE kdelibs | =4.12.90 | |
KDE kdelibs | =4.12.95 | |
KDE kdelibs | =4.12.97 | |
KDE kdelibs | =4.13.0 | |
KDE kdelibs | =4.13.1 | |
KDE kdelibs | =4.13.2 | |
KDE kdelibs | =4.13.3 | |
KDE kdelibs | =4.13.80 | |
KDE kdelibs | =4.13.90 | |
KDE kdelibs | =4.13.95 | |
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23