CVE-2014-5033
published 2014-08-19

Priority: P4 20 | medium 6.9 | CVSS 2.0
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.36% (27.7th percentile)

KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

Affected

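37 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| kde | kauth | <= 5.0 | |
| kde | kdelibs | <= 4.13.97 | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |
| kde | kdelibs | | |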

CVSS provenance

nvd: v2.0, 6.9 MEDIUM, AV:L/AC:M/Au:N/C:C/I:C/A:C
osv: 7.2 HIGH
vendor_redhat: 7.2 HIGH