ID CVE-2014-5033
Summary KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
References
Vulnerable Configurations
  • Debian kde4libs
    cpe:2.3:a:debian:kde4libs
  • Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • KDE kauth 5.0
    cpe:2.3:a:kde:kauth:5.0
  • KDE kdelibs 4.13.3
    cpe:2.3:a:kde:kdelibs:4.13.3
  • KDE kdelibs 4.13.2
    cpe:2.3:a:kde:kdelibs:4.13.2
  • KDE kdelibs 4.13.1
    cpe:2.3:a:kde:kdelibs:4.13.1
  • KDE kdelibs 4.13.0
    cpe:2.3:a:kde:kdelibs:4.13.0
  • KDE kdelibs 4.12.97
    cpe:2.3:a:kde:kdelibs:4.12.97
  • KDE kdelibs 4.12.95
    cpe:2.3:a:kde:kdelibs:4.12.95
  • KDE kdelibs 4.12.90
    cpe:2.3:a:kde:kdelibs:4.12.90
  • KDE kdelibs 4.12.80
    cpe:2.3:a:kde:kdelibs:4.12.80
  • KDE kdelibs 4.12.5
    cpe:2.3:a:kde:kdelibs:4.12.5
  • KDE kdelibs 4.12.4
    cpe:2.3:a:kde:kdelibs:4.12.4
  • KDE kdelibs 4.12.3
    cpe:2.3:a:kde:kdelibs:4.12.3
  • KDE kdelibs 4.12.2
    cpe:2.3:a:kde:kdelibs:4.12.2
  • KDE kdelibs 4.12.1
    cpe:2.3:a:kde:kdelibs:4.12.1
  • KDE kdelibs 4.12.0
    cpe:2.3:a:kde:kdelibs:4.12.0
  • KDE kdelibs 4.11.97
    cpe:2.3:a:kde:kdelibs:4.11.97
  • KDE kdelibs 4.11.95
    cpe:2.3:a:kde:kdelibs:4.11.95
  • KDE kdelibs 4.11.90
    cpe:2.3:a:kde:kdelibs:4.11.90
  • KDE kdelibs 4.11.80
    cpe:2.3:a:kde:kdelibs:4.11.80
  • KDE kdelibs 4.11.5
    cpe:2.3:a:kde:kdelibs:4.11.5
  • KDE kdelibs 4.11.4
    cpe:2.3:a:kde:kdelibs:4.11.4
  • KDE kdelibs 4.11.3
    cpe:2.3:a:kde:kdelibs:4.11.3
  • KDE kdelibs 4.11.2
    cpe:2.3:a:kde:kdelibs:4.11.2
  • KDE kdelibs 4.11.1
    cpe:2.3:a:kde:kdelibs:4.11.1
  • KDE kdelibs 4.11.0
    cpe:2.3:a:kde:kdelibs:4.11.0
  • KDE kdelibs 4.10.97
    cpe:2.3:a:kde:kdelibs:4.10.97
  • KDE kdelibs 4.10.95
    cpe:2.3:a:kde:kdelibs:4.10.95
  • KDE kdelibs 4.10.3
    cpe:2.3:a:kde:kdelibs:4.10.3
  • KDE kdelibs 4.10.2
    cpe:2.3:a:kde:kdelibs:4.10.2
  • KDE kdelibs 4.10.1
    cpe:2.3:a:kde:kdelibs:4.10.1
  • KDE kdelibs 4.10.0
    cpe:2.3:a:kde:kdelibs:4.10.0
  • KDE kdelibs 4.13.97
    cpe:2.3:a:kde:kdelibs:4.13.97
  • KDE kdelibs 4.13.95
    cpe:2.3:a:kde:kdelibs:4.13.95
  • KDE kdelibs 4.13.90
    cpe:2.3:a:kde:kdelibs:4.13.90
  • KDE kdelibs 4.13.80
    cpe:2.3:a:kde:kdelibs:4.13.80
CVSS
Base: 6.9 (as of 20-08-2014 - 12:59)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
  • Vector LOCAL
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3004.NASL
    description Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.
    last seen 2018-09-01
    modified 2015-02-16
    plugin id 77123
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77123
    title Debian DSA-3004-1 : kde4libs - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-76.NASL
    description It was discovered that KAuth, part of kdelibs, uses polkit in a way that is prone to a race condition that may allow authorization bypass. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-12-02
    plugin id 82221
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82221
    title Debian DLA-76-1 : kde4libs security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1359.NASL
    description Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-09-02
    modified 2014-10-07
    plugin id 78070
    published 2014-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78070
    title CentOS 7 : polkit-qt (CESA-2014:1359)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9602.NASL
    description updated to the new release of polkit-qt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-19
    plugin id 77771
    published 2014-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77771
    title Fedora 19 : polkit-qt-0.112.0-1.fc19 (2014-9602)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11448.NASL
    description KDE released updates for its Applications and Development Platform, the first in a series of monthly stabilization updates to the 4.14 series. This update also includes the latest stable calligra-2.8.6 and digikam-4.3.0 releases. See also http://kde.org/announcements/4.14/ , http://kde.org/announcements/announce-4.14.1.php , https://www.calligra.org/news/calligra-2-8-6-released/ , https://www.digikam.org/node/718 The update also addresses CVE-2014-5033, fixed in kdelibs' 4.14.0: KAuth was calling PolicyKit 1 (polkit) in an insecure way. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-19
    plugin id 77937
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77937
    title Fedora 20 : akonadi-1.13.0-2.fc20 / amor-4.14.1-1.fc20 / analitza-4.14.1-1.fc20 / ark-4.14.1-1.fc20 / etc (2014-11448)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11348.NASL
    description The update has a fix for CVE-2014-5033, KAuth was calling PolicyKit 1 (polkit) in an insecure way. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 78241
    published 2014-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78241
    title Fedora 19 : kdelibs-4.11.5-5.fc19 (2014-11348)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2304-1.NASL
    description It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2016-05-24
    plugin id 76962
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76962
    title Ubuntu 12.04 LTS / 14.04 LTS : kde4libs vulnerability (USN-2304-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL
    description Martin Sandsmark reports : The KAuth framework uses polkit-1 API which tries to authenticate using the requestor's PID. This is prone to PID reuse race conditions. This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions.
    last seen 2018-09-02
    modified 2014-08-21
    plugin id 76951
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76951
    title FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-485.NASL
    description KDE4 Libraries and Workspace received a security fix to fix a race condition in DBUS/Polkit authorization, where local attackers could potentially call root KDE services without proper authentication. (CVE-2014-5033) Additionally, an interlaced GIF display bug in KHTML was fixed. (kde#330148) This update also includes a kdebase4-workspace minor version update to 4.11.11 with various bugfixes.
    last seen 2018-09-02
    modified 2014-08-21
    plugin id 77129
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77129
    title openSUSE Security Update : kdelibs4 (openSUSE-SU-2014:0981-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1359.NASL
    description Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-09-02
    modified 2017-01-06
    plugin id 78073
    published 2014-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78073
    title RHEL 7 : polkit-qt (RHSA-2014:1359)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1359.NASL
    description From Red Hat Security Advisory 2014:1359 : Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-09-02
    modified 2015-12-01
    plugin id 78072
    published 2014-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78072
    title Oracle Linux 7 : polkit-qt (ELSA-2014-1359)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9641.NASL
    description updated to the new release of polkit-qt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 77772
    published 2014-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77772
    title Fedora 20 : polkit-qt-0.112.0-1.fc20 (2014-9641)
redhat via4
advisories
bugzilla
id 1094890
title CVE-2014-5033 polkit-qt: insecure calling of polkit
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment polkit-qt is earlier than 0:0.103.0-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141359005
      • comment polkit-qt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141359006
    • AND
      • comment polkit-qt-devel is earlier than 0:0.103.0-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141359007
      • comment polkit-qt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141359008
    • AND
      • comment polkit-qt-doc is earlier than 0:0.103.0-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141359009
      • comment polkit-qt-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141359010
rhsa
id RHSA-2014:1359
released 2014-10-06
severity Important
title RHSA-2014:1359: polkit-qt security update (Important)
rpms
  • polkit-qt-0:0.103.0-10.el7_0
  • polkit-qt-devel-0:0.103.0-10.el7_0
  • polkit-qt-doc-0:0.103.0-10.el7_0
refmap via4
confirm
debian DSA-3004
secunia
  • 60385
  • 60633
  • 60654
suse openSUSE-SU-2014:0981
ubuntu USN-2304-1
Last major update 16-10-2014 - 03:22
Published 19-08-2014 - 14:55