First published: Thu Oct 03 2013(Updated: )
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Marc Deslauriers Software-properties | =0.82.7 | |
Marc Deslauriers Software-properties | =0.82.7.1 | |
Marc Deslauriers Software-properties | =0.82.7.2 | |
Marc Deslauriers Software-properties | =0.82.7.3 | |
Marc Deslauriers Software-properties | =0.82.7.4 | |
Marc Deslauriers Software-properties | =0.92.9 | |
Marc Deslauriers Software-properties | =0.92.9.1 | |
Marc Deslauriers Software-properties | =0.92.9.2 | |
Marc Deslauriers Software-properties | =0.92.17 | |
Marc Deslauriers Software-properties | =0.92.17.1 | |
Marc Deslauriers Software-properties | =0.92.17.2 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.