First published: Thu Oct 03 2013(Updated: )
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Apt-xapian-index | >=0.45ubuntu1<0.45ubuntu2.1 | |
Canonical Apt-xapian-index | =0.44ubuntu5.1 | |
Canonical Apt-xapian-index | =0.44ubuntu7.1 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.