Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-5033

Опубликовано: 19 авг. 2014
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.9

Описание

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

РелизСтатусПримечание
devel

not-affected

4:4.13.95-0ubuntu3
esm-infra-legacy/trusty

released

4:4.13.2a-0ubuntu0.3
lucid

ignored

end of life
precise

released

4:4.8.5-0ubuntu0.4
trusty

released

4:4.13.2a-0ubuntu0.3
trusty/esm

released

4:4.13.2a-0ubuntu0.3
upstream

needed

Показывать по

EPSS

Процентиль: 8%
0.00034
Низкий

6.9 Medium

CVSS2

Связанные уязвимости

redhat
больше 11 лет назад

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

nvd
около 11 лет назад

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

debian
около 11 лет назад

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-B ...

github
больше 3 лет назад

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

oracle-oval
почти 11 лет назад

ELSA-2014-1359: polkit-qt security update (IMPORTANT)

EPSS

Процентиль: 8%
0.00034
Низкий

6.9 Medium

CVSS2