Back to search
CVE-2013-4288
Published: Oct 3, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2013:1528
vendor-advisory
x_refsource_SUSE
RHSA-2013:1270
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2013:1527
vendor-advisory
x_refsource_SUSE
[oss-security] 20130918 Fwd: [vs-plain] polkit races
mailing-list
x_refsource_MLIST
[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
mailing-list
x_refsource_MLIST
openSUSE-SU-2013:1617
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:1620
vendor-advisory
x_refsource_SUSE
RHSA-2013:1460
vendor-advisory
x_refsource_REDHAT
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375
x_refsource_MISC
USN-1953-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now