CVE-2014-5033

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus
for communication with a polkit authority, which allows local users to
bypass intended access restrictions by leveraging a PolkitUnixProcess
PolkitSubject race condition via a (1) setuid process or (2) pkexec
process, related to CVE-2013-4288 and “PID reuse race conditions.”

Bugs

• <https://bugzilla.novell.com/show_bug.cgi?id=864716&gt;
• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755814&gt;
• <https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1350019&gt;