CVE-2017-7572

Published: Apr 6, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-7572

Description

Affected Products

References