The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of KAuth: privilege escalation via UnixProcess

Synthesis of the vulnerability 

A local attacker can bypass the KAuth authentication, in order to escalate his privileges.
Impacted software: Debian, Fedora, openSUSE, RHEL, Ubuntu, Unix (platform) ~ not comprehensive.
Severity of this computer vulnerability: 2/4.
Creation date: 21/07/2014.
Références of this announce: 864716, CVE-2014-5033, DSA-3004-1, FEDORA-2014-11348, FEDORA-2014-11448, FEDORA-2014-9602, FEDORA-2014-9641, openSUSE-SU-2014:0981-1, RHSA-2014:1359-01, USN-2304-1, VIGILANCE-VUL-15076.

Description of the vulnerability 

The KAuth authentication service of KDE uses the PolicyKit backend. The PolicyKit feature defines a security policy, so unprivileged processes are allowed to communicate with privileged processes.

However, PolicyKit uses UnixProcess to obtain the UID of the process requesting the authentication, which is subject to a race condition.

A local attacker can therefore bypass the KAuth authentication, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness alert impacts software or systems such as Debian, Fedora, openSUSE, RHEL, Ubuntu, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer vulnerability note is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this security bulletin.

Solutions for this threat 

KAuth: patch for UnixProcess.
A patch is available in information sources.

Debian: new kde4libs packages.
New packages are available:
  Debian 7: kde4libs 4:4.8.4-4+deb7u1

Fedora 19: new kdelibs packages.
New packages are available:
  Fedora 19: kdelibs 4.11.5-5.fc19

Fedora 20: new kde-runtime packages.
New packages are available:
  Fedora 20: kde-runtime 4.14.1-1.fc20

Fedora: new polkit-qt packages.
New packages are available:
  Fedora 19: polkit-qt 0.112.0-1.fc19
  Fedora 20: polkit-qt 0.112.0-1.fc20

openSUSE: new kdelibs4 packages.
New packages are available:
  openSUSE 13.1: kdelibs4 4.11.5-484.1, kdebase4-workspace 4.11.11-115.3

RHEL 7.0: new polkit-qt packages.
New packages are available:
  RHEL 7: polkit-qt 0.103.0-10.el7_0

Ubuntu: new KDE-Libs packages.
New packages are available:
  Ubuntu 14.04 LTS: kdelibs5-plugins 4:4.13.2a-0ubuntu0.3
  Ubuntu 12.04 LTS: kdelibs5-plugins 4:4.8.5-0ubuntu0.4
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities workaround. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.