CVE-2014-5033 - Race Condition vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker leverages the race condition by "running the race": modifying the resource at the right moment so as to alter the normal execution flow. For instance, a race condition can occur while accessing a file; the attacker tricks the system by replacing the original file with their own version, causing the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition that occurs between the time a resource's state is checked and the time that resource is used. The typical example is file access. The attacker leverages a file-access race condition by "running the race", meaning that they modify the resource between the first time the target program checks the file and the time the target program uses it. During that window the attacker could, for example, replace the file and cause an escalation of privilege.
Nessus

- OPENSUSE-2014-485.NASL (SuSE Local Security Checks)
  Title: openSUSE Security Update : kdelibs4 (openSUSE-SU-2014:0981-1)
  Description: KDE4 Libraries and Workspace received a security fix to fix a race condition in DBUS/Polkit authorization, where local attackers could potentially call root KDE services without proper authentication. (CVE-2014-5033) Additionally, an interlaced GIF display bug in KHTML was fixed. (kde#330148) This update also includes a kdebase4-workspace minor version update to 4.11.11 with various bugfixes.
  Plugin id: 77129; published 2014-08-12; modified 2014-08-12; last seen 2020-06-05
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/77129

- CENTOS_RHSA-2014-1359.NASL (CentOS Local Security Checks)
  Title: CentOS 7 : polkit-qt (CESA-2014:1359)
  Description: Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent (KAuth), which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2014-5033) All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  Plugin id: 78070; published 2014-10-07; modified 2020-06-02; last seen 2020-06-01
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/78070

- FEDORA_2014-11448.NASL (Fedora Local Security Checks)
  Title: Fedora 20 : akonadi-1.13.0-2.fc20 / amor-4.14.1-1.fc20 / analitza-4.14.1-1.fc20 / ark-4.14.1-1.fc20 / etc (2014-11448)
  Description: KDE released updates for its Applications and Development Platform, the first in a series of monthly stabilization updates to the 4.14 series. This update also includes the latest stable calligra-2.8.6 and digikam-4.3.0 releases. See also http://kde.org/announcements/4.14/ , http://kde.org/announcements/announce-4.14.1.php , https://www.calligra.org/news/calligra-2-8-6-released/ , https://www.digikam.org/node/718 . The update also addresses CVE-2014-5033, fixed in kdelibs.
  Plugin id: 77937; published 2014-09-29; modified 2014-09-29; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/77937

- DEBIAN_DLA-76.NASL (Debian Local Security Checks)
  Title: Debian DLA-76-1 : kde4libs security update
  Description: It was discovered that KAuth, part of kdelibs, uses polkit in a way that is prone to a race condition that may allow authorization bypass. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  Plugin id: 82221; published 2015-03-26; modified 2015-03-26; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/82221

- DEBIAN_DSA-3004.NASL (Debian Local Security Checks)
  Title: Debian DSA-3004-1 : kde4libs - security update
  Description: Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.
  Plugin id: 77123; published 2014-08-12; modified 2014-08-12; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/77123

- FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL (FreeBSD Local Security Checks)
  Title: FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)
  Description: Martin Sandsmark reports : The KAuth framework uses the polkit-1 API, which tries to authenticate using the requestor's PID. This is prone to PID reuse race conditions. This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions.
  Plugin id: 76951; published 2014-08-01; modified 2020-06-02; last seen 2020-06-01
  Reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/76951

- REDHAT-RHSA-2014-1359.NASL (Red Hat Local Security Checks)
  Title: RHEL 7 : polkit-qt (RHSA-2014:1359)
  Description: identical to the Red Hat Security Advisory 2014:1359 text given for CENTOS_RHSA-2014-1359.NASL above.
  Plugin id: 78073; published 2014-10-07; modified 2020-06-02; last seen 2020-06-01
  Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/78073

- ORACLELINUX_ELSA-2014-1359.NASL (Oracle Linux Local Security Checks)
  Title: Oracle Linux 7 : polkit-qt (ELSA-2014-1359)
  Description: "From Red Hat Security Advisory 2014:1359 :" followed by the same advisory text given for CENTOS_RHSA-2014-1359.NASL above.
  Plugin id: 78072; published 2014-10-07; modified 2020-06-02; last seen 2020-06-01
  Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/78072

- FEDORA_2014-11348.NASL (Fedora Local Security Checks)
  Title: Fedora 19 : kdelibs-4.11.5-5.fc19 (2014-11348)
  Description: The update has a fix for CVE-2014-5033: KAuth was calling PolicyKit 1 (polkit) in an insecure way.
  Plugin id: 78241; published 2014-10-11; modified 2014-10-11; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/78241

- UBUNTU_USN-2304-1.NASL (Ubuntu Local Security Checks)
  Title: Ubuntu 12.04 LTS / 14.04 LTS : kde4libs vulnerability (USN-2304-1)
  Description: It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
  Plugin id: 76962; published 2014-08-01; modified 2020-06-02; last seen 2020-06-01
  Reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/76962

- FEDORA_2014-9641.NASL (Fedora Local Security Checks)
  Title: Fedora 20 : polkit-qt-0.112.0-1.fc20 (2014-9641)
  Description: updated to the new release of polkit-qt
  Plugin id: 77772; published 2014-09-22; modified 2014-09-22; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/77772

- FEDORA_2014-9602.NASL (Fedora Local Security Checks)
  Title: Fedora 19 : polkit-qt-0.112.0-1.fc19 (2014-9602)
  Description: updated to the new release of polkit-qt
  Plugin id: 77771; published 2014-09-22; modified 2014-09-22; last seen 2020-03-17
  Reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  Source: https://www.tenable.com/plugins/nessus/77771
Redhat
advisories
rpms
References
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html
- http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a
- http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=e4e7b53b71e2659adaf52691d4accc3594203b23
- http://rhn.redhat.com/errata/RHSA-2014-1359.html
- http://secunia.com/advisories/60385
- http://secunia.com/advisories/60633
- http://secunia.com/advisories/60654
- http://www.debian.org/security/2014/dsa-3004
- http://www.kde.org/info/security/advisory-20140730-1.txt
- http://www.ubuntu.com/usn/USN-2304-1