CVE-2013-1066

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ubuntu_developers:language-selector:0.79.1:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu_developers:language-selector:0.79.2:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu_developers:language-selector:0.79.3:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu_developers:language-selector:0.90:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu_developers:language-selector:0.110:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu_developers:language-selector:0.79:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

Information

Published : 2013-10-03 14:55

Updated : 2017-08-28 18:33


NVD link : CVE-2013-1066

Mitre link : CVE-2013-1066


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

ubuntu_developers

  • language-selector

canonical

  • ubuntu_linux