CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
12.2
opensuseopensuse
12.3
polkit_projectpolkit
𝑥
< 0.112.1
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bookworm
122-3
fixed
bullseye
0.105-31+deb11u1
fixed
bullseye (security)
0.105-31+deb11u1
fixed
sid
125-2
fixed
squeeze
no-dsa
trixie
125-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
lucid
Fixed 0.96-2ubuntu0.2
released
precise
Fixed 0.104-1ubuntu1.1
released
quantal
Fixed 0.104-2ubuntu1.1
released
raring
Fixed 0.105-1ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpolkit0
suse enterprise desktop 15
0.114-1.12
fixed
suse enterprise desktop 15 SP1
0.114-3.6.1
fixed
suse enterprise sap 12 SP5
0.113-5.18.1
fixed
suse enterprise sap 15
0.114-1.12
fixed
suse enterprise sap 15 SP1
0.114-3.6.1
fixed
suse enterprise server 12 SP5
0.113-5.18.1
fixed
suse enterprise server 15
0.114-1.12
fixed
suse enterprise server 15 SP1
0.114-3.6.1
fixed
libsystemd0-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
libsystemd0-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
libsystemd0-32bit-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
libsystemd0-32bit-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
libudev-devel-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
libudev1-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
libudev1-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
libudev1-32bit-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
libudev1-32bit-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
polkit
suse enterprise desktop 15
0.114-1.12
fixed
suse enterprise desktop 15 SP1
0.114-3.6.1
fixed
suse enterprise sap 12 SP5
0.113-5.18.1
fixed
suse enterprise sap 15
0.114-1.12
fixed
suse enterprise sap 15 SP1
0.114-3.6.1
fixed
suse enterprise server 12 SP5
0.113-5.18.1
fixed
suse enterprise server 15
0.114-1.12
fixed
suse enterprise server 15 SP1
0.114-3.6.1
fixed
polkit-devel
suse enterprise desktop 15
0.114-1.12
fixed
suse enterprise desktop 15 SP1
0.114-3.6.1
fixed
suse enterprise sap 15
0.114-1.12
fixed
suse enterprise sap 15 SP1
0.114-3.6.1
fixed
suse enterprise server 15
0.114-1.12
fixed
suse enterprise server 15 SP1
0.114-3.6.1
fixed
systemd-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
systemd-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-32bit-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
systemd-32bit-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-bash-completion-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
systemd-bash-completion-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-container-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-coredump-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-devel-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
systemd-sysvinit-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
systemd-sysvinit-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
typelib-1_0-Polkit-1_0
suse enterprise desktop 15
0.114-1.12
fixed
suse enterprise desktop 15 SP1
0.114-3.6.1
fixed
suse enterprise sap 12 SP5
0.113-5.18.1
fixed
suse enterprise sap 15
0.114-1.12
fixed
suse enterprise sap 15 SP1
0.114-3.6.1
fixed
suse enterprise server 12 SP5
0.113-5.18.1
fixed
suse enterprise server 15
0.114-1.12
fixed
suse enterprise server 15 SP1
0.114-3.6.1
fixed
udev-228
suse enterprise sap 12 SP5
155.21
fixed
suse enterprise server 12 SP5
155.21
fixed
udev-234
suse enterprise desktop 15
22.3
fixed
suse enterprise desktop 15 SP1
24.25.1
fixed
suse enterprise sap 15
22.3
fixed
suse enterprise sap 15 SP1
24.25.1
fixed
suse enterprise server 15
22.3
fixed
suse enterprise server 15 SP1
24.25.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
polkit
RHEL 6
0:0.96-5.el6_4
fixed
polkit-desktop-policy
RHEL 6
0:0.96-5.el6_4
fixed
polkit-devel
RHEL 6
0:0.96-5.el6_4
fixed
polkit-docs
RHEL 6
0:0.96-5.el6_4
fixed
Common Weakness Enumeration
References
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375
http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
http://rhn.redhat.com/errata/RHSA-2013-1270.html
http://rhn.redhat.com/errata/RHSA-2013-1460.html
http://seclists.org/oss-sec/2013/q3/626
http://www.openwall.com/lists/oss-security/2013/09/18/4
http://www.ubuntu.com/usn/USN-1953-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375
http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
http://rhn.redhat.com/errata/RHSA-2013-1270.html
http://rhn.redhat.com/errata/RHSA-2013-1460.html
http://seclists.org/oss-sec/2013/q3/626
http://www.openwall.com/lists/oss-security/2013/09/18/4
http://www.ubuntu.com/usn/USN-1953-1