Published: 03/10/2013 Updated: 13/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 12.3
opensuse opensuse 12.2
polkit project polkit
canonical ubuntu linux 13.04
redhat enterprise linux 6.0
canonical ubuntu linux 12.10
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04

Synopsis Important: polkit security update Type/Severity Security Advisory: Important Topic Updated polkit packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability ...

polkit could be tricked into giving out improper authorization ...

Debian Bug report logs - #903563 polkit: CVE-2018-1116: polkitd trusting client-supplied UID allows spoofed authentication dialogs Package: policykit-1; Maintainer for policykit-1 is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for policykit-1 is src:policykit-1 (PTS, buildd, popcon) Repor ...

Debian Bug report logs - #727101 libvirt: CVE-2013-4400 / CVE-2013-4401 Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 22 Oct 2013 10:15:01 UTC Severity: important Tags: patch, securi ...

Debian Bug report logs - #723717 policykit-1: CVE-2013-4288 Package: policykit-1; Maintainer for policykit-1 is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for policykit-1 is src:policykit-1 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 19 Sep 2 ...

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkche ...

CWE-362 http://www.ubuntu.com/usn/USN-1953-1 http://rhn.redhat.com/errata/RHSA-2013-1270.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375 http://www.openwall.com/lists/oss-security/2013/09/18/4 http://seclists.org/oss-sec/2013/q3/626 http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html https://access.redhat.com/errata/RHSA-2013:1270 https://usn.ubuntu.com/1953-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4288

CVE-2013-4288

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect