Published: 03/10/2013 Updated: 17/06/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Vulnerable Product	Search on Vulmon	Subscribe to Product
spice-gtk project spice-gtk 0.14
redhat enterprise linux 6.0

Synopsis Important: spice-gtk security update Type/Severity Security Advisory: Important Topic Updated spice-gtk packages that fix one security issue are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerab ...

spice-gtk 014, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288 ...

CWE-264 http://www.openwall.com/lists/oss-security/2013/09/18/6 http://www.securityfocus.com/bid/62538 http://secunia.com/advisories/54947 http://rhn.redhat.com/errata/RHSA-2013-1273.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00031.html https://access.redhat.com/errata/RHSA-2013:1273 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4324

CVE-2013-4324

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect