https://bugzilla.novell.com/show_bug.cgi?id=864716
https://bugzilla.novell.com/show_bug.cgi?id=864716#c41
--- Comment #41 from Sebastian Krahmer krahmer@suse.com 2014-07-16 13:33:16 UTC ---
Two examples of vulnerable KDE services are:
/usr/share/dbus-1/system-services/org.kde.fontinst.service or /usr/share/dbus-1/system-services/org.kde.kcontrol.kcmclock.service
which can be DBus-activated by users to run as root and which use KAuth to check whether this user would be allowed to do that action. This check can be bypassed since process-subject, as used by KAuth, is racy. Please refer to CVE-2013-4288 and the followups CVE-2013-4311, CVE-2013-4324, CVE-2013-4325, CVE-2013-4326 and CVE-2013-4327 which all fix exactly the same issue.
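
Added example (not part of the bug comment and not KDE or SUSE code): a Python script that inventories the D-Bus system services activatable as root in the directory the comment names, so each helper can be reviewed against the cited CVE fixes. The sample file contents, the `Exec` paths and the `org.example` service are constructed placeholders used when the directory is absent.

```python
import configparser
from pathlib import Path

# Directory named in the comment above.
SERVICE_DIR = Path("/usr/share/dbus-1/system-services")

# Constructed sample files; Exec paths are placeholders, not taken from the page.
SAMPLE = {
    "org.kde.fontinst.service":
        "[D-BUS Service]\nName=org.kde.fontinst\n"
        "Exec=/path/to/fontinst_helper\nUser=root\n",
    "org.example.unprivileged.service":
        "[D-BUS Service]\nName=org.example.unprivileged\n"
        "Exec=/path/to/daemon\nUser=nobody\n",
    "broken.service": "Name=missing.section.header\n",
}

def parse_service(text):
    """Return (name, exec, user) from one service file, or None if malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: Name, Exec, User
    try:
        cp.read_string(text)
        sec = cp["D-BUS Service"]
    except (configparser.Error, KeyError):
        return None
    if "Name" not in sec or "Exec" not in sec:
        return None
    return sec["Name"], sec["Exec"], sec.get("User", "")

def root_activatable(files):
    """files maps filename -> contents; returns sorted (bus name, exec) run as root."""
    found = []
    for text in files.values():
        parsed = parse_service(text)
        if parsed and parsed[2] == "root":
            found.append((parsed[0], parsed[1]))
    return sorted(found)

def load_dir(directory=SERVICE_DIR):
    """Read every *.service file in the system-services directory."""
    return {p.name: p.read_text(errors="replace")
            for p in directory.glob("*.service")}

if __name__ == "__main__":
    files = load_dir() if SERVICE_DIR.is_dir() else SAMPLE
    for name, exe in root_activatable(files):
        print(f"{name}\t{exe}")
```

The output is only an exposure list: whether a listed helper is affected depends on how it identifies the caller to the authorization check, which has to be verified per package.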