First published: Thu Oct 03 2013(Updated: )
ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.04 | |
Michael Vogt Ubuntu-system-service | =0.2.2 | |
Michael Vogt Ubuntu-system-service | =0.2.3 | |
Michael Vogt Ubuntu-system-service | =0.2.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.