CVE-2013-1061
03.10.2013, 21:55
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.Enginsight
| Vendor | Product | Version |
|---|---|---|
| marc_deslauriers | software-properties | 0.82.7 |
| marc_deslauriers | software-properties | 0.82.7.1 |
| marc_deslauriers | software-properties | 0.82.7.2 |
| marc_deslauriers | software-properties | 0.82.7.3 |
| marc_deslauriers | software-properties | 0.82.7.4 |
| marc_deslauriers | software-properties | 0.92.9 |
| marc_deslauriers | software-properties | 0.92.9.1 |
| marc_deslauriers | software-properties | 0.92.9.2 |
| marc_deslauriers | software-properties | 0.92.17 |
| marc_deslauriers | software-properties | 0.92.17.1 |
| marc_deslauriers | software-properties | 0.92.17.2 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References