CVE-2013-4327

Published: 03/10/2013 Updated: 31/01/2022
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Vulnerable Product

systemd project systemd

debian debian linux 7.0

canonical ubuntu linux 13.04

Vendor Advisories

Debian Bug report logs - #723713: systemd: CVE-2013-4327. Package: systemd; Maintainer for systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Source for systemd is src:systemd. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 19 Sep 2013 05:48:02 UTC ...
systemd could be tricked into bypassing polkit authorizations ...