Search for vulnerabilities
Vulnerability details: VCID-g6rw-9kg2-aaad
Vulnerability ID VCID-g6rw-9kg2-aaad
Aliases CVE-2014-5033
Summary KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5033.html
rhas Important https://access.redhat.com/errata/RHSA-2014:1359
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2014-5033
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1094890
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2014-5033
generic_textual Medium https://ubuntu.com/security/notices/USN-2304-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5033.html
http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
http://rhn.redhat.com/errata/RHSA-2014-1359.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5033.json
https://api.first.org/data/v1/epss?cve=CVE-2014-5033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
http://secunia.com/advisories/60385
http://secunia.com/advisories/60633
http://secunia.com/advisories/60654
https://ubuntu.com/security/notices/USN-2304-1
http://www.debian.org/security/2014/dsa-3004
http://www.kde.org/info/security/advisory-20140730-1.txt
http://www.ubuntu.com/usn/USN-2304-1
1094890 https://bugzilla.redhat.com/show_bug.cgi?id=1094890
755814 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755814
cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*
cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
CVE-2014-5033 https://nvd.nist.gov/vuln/detail/CVE-2014-5033
RHSA-2014:1359 https://access.redhat.com/errata/RHSA-2014:1359
USN-2304-1 https://usn.ubuntu.com/2304-1/
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-5033
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.06331
EPSS Score 0.00034
Published At March 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.