CVE-2014-5033 – polkit-qt: insecure calling of polkit

https://notcve.org/view.php?id=CVE-2014-5033

31 Jul 2014 — KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales e... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •