CVE-2013-4326

RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:lennart_poettering:rkit:0.5:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Information

Published : 2013-10-03 14:55

Updated : 2019-04-22 10:48


NVD link : CVE-2013-4326

Mitre link : CVE-2013-4326


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

lennart_poettering

  • rkit

redhat

  • enterprise_linux