{"id":"UBUNTU-CVE-2014-5033","details":"KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"","modified":"2026-04-22T09:46:41.186421Z","published":"2014-07-23T00:00:00Z","related":["USN-2304-1"],"upstream":["CVE-2014-5033"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-5033"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2304-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-5033"}],"affected":[{"package":{"name":"kde4libs","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/kde4libs@4:4.13.2a-0ubuntu0.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.13.2a-0ubuntu0.3"}]}],"versions":["4:4.11.2-0ubuntu2","4:4.11.2-0ubuntu3","4:4.11.2-0ubuntu4","4:4.11.80-0ubuntu1","4:4.11.95-0ubuntu1","4:4.11.97-0ubuntu1","4:4.11.97-0ubuntu2","4:4.12.0-0ubuntu1","4:4.12.1-0ubuntu1","4:4.12.2-0ubuntu1","4:4.12.2-0ubuntu2","4:4.12.3-0ubuntu1","4:4.12.90-0ubuntu1","4:4.12.95-0ubuntu1","4:4.12.97-0ubuntu1","4:4.13.0-0ubuntu1","4:4.13.0-0ubuntu1.1","4:4.13.1-0ubuntu0.1","4:4.13.1-0ubuntu0.2","4:4.13.2a-0ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"kdelibs-bin"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"kdelibs5-data"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"kdelibs5-plugins"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"kdoctools"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkcmutils4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkde3support4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdeclarative5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdecore5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdesu5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdeui5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdewebkit5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkdnssd4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkemoticons4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkfile4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkhtml5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkidletime4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkimproxy4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkio5"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkjsapi4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkjsembed4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkmediaplayer4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libknewstuff2-4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libknewstuff3-4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libknotifyconfig4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkntlm4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkparts4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkprintutils4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkpty4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkrosscore4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkrossui4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libktexteditor4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkunitconversion4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libkutils4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libnepomuk4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libnepomukquery4a"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libnepomukutils4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libplasma3"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libsolid4"},{"binary_version":"4:4.13.2a-0ubuntu0.3","binary_name":"libthreadweaver4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-5033.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}