CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
Race Condition
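
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.2 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
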
EPSS Score percentile: 13%

| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.2 |
| opensuse | opensuse | 12.3 |
| polkit_project | polkit | 𝑥 < 0.112.1 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.04 |
| redhat | enterprise_linux | 6.0 |

𝑥 = Vulnerable software versions

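Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| policykit-1 | bullseye (security) | 0.105-31+deb11u1 | fixed |
| policykit-1 | bullseye | 0.105-31+deb11u1 | fixed |
| policykit-1 | squeeze | | no-dsa |
| policykit-1 | wheezy | | no-dsa |
| policykit-1 | bookworm | 122-3 | fixed |
| policykit-1 | sid | 125-2 | fixed |
| policykit-1 | trixie | 125-2 | fixed |
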
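Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| policykit-1 | raring | Fixed 0.105-1ubuntu1.1 | released |
| policykit-1 | quantal | Fixed 0.104-2ubuntu1.1 | released |
| policykit-1 | precise | Fixed 0.104-1ubuntu1.1 | released |
| policykit-1 | lucid | Fixed 0.96-2ubuntu0.2 | released |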