backend.py in Jockey prior to 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
martin pitt jockey |
||
martin pitt jockey 0.9.7-0ubuntu7.8 |
||
martin pitt jockey 0.9.7-0ubuntu7.1 |
||
martin pitt jockey 0.9.7-0ubuntu7.6 |
||
martin pitt jockey 0.9.7-0ubuntu7.5 |
||
martin pitt jockey 0.9.7-0ubuntu7.4 |
||
martin pitt jockey 0.9.7-0ubuntu7.3 |
||
martin pitt jockey 0.9.7-0ubuntu7.9 |
||
martin pitt jockey 0.9.7-0ubuntu7.7 |
||
martin pitt jockey 0.9.7-0ubuntu7.2 |
||
martin pitt jockey 0.9.7-0ubuntu7 |
||
canonical ubuntu linux 12.04 |