CVE-2014-5033

Related Files

Red Hat Security Advisory 2014-1359-01

Posted Oct 6, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1359-01 - Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent, which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, local

systems | linux, redhat

advisories | CVE-2014-5033

SHA-256 | 0fee47ca432cafc7ca8247b552b997a272c16bd14b4202c52afa29007073c237

Download | Favorite | View

Debian Security Advisory 3004-1

Posted Aug 11, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3004-1 - Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.

tags | advisory

systems | linux, debian

advisories | CVE-2014-5033

SHA-256 | d0cbf458524a741d0147e2a9d3c8ef942e1891f292b0643d4d3b5cc91c430659

Download | Favorite | View

Ubuntu Security Notice USN-2304-1

Posted Jul 31, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2304-1 - It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2014-5033

SHA-256 | 7c89b70af19ac1649bedc4af2973ae7a0695ffbea57fdb9ce67c26a5df6ad153

Download | Favorite | View