CVE-2013-1062

ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
References
Link Resource
http://www.ubuntu.com/usn/USN-1962-1 Vendor Advisory
http://secunia.com/advisories/54907 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.4:*:*:*:*:*:*:*

Information

Published : 2013-10-03 14:55

Updated : 2013-10-08 11:05


NVD link : CVE-2013-1062

Mitre link : CVE-2013-1062


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

michael_vogt

  • ubuntu-system-service