CVE-2013-1064
published 2013-10-03CVE-2013-1064: apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows…
PriorityP415medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.38%
29.7th percentile
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | apt-xapian-index | — | — |
| canonical | apt-xapian-index | — | — |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0.45ubuntu1 < 0.45ubuntu2.1 | 0.45ubuntu2.1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | apt-xapian-index | < apt-xapian-index 0.47 (bookworm) | apt-xapian-index 0.47 (bookworm) |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
apt-xapian-index vulnerability
vendor_ubuntu·2013-09-18
CVE-2013-1064 apt-xapian-index vulnerability
Title: apt-xapian-index vulnerability
Summary: apt-xapian-index could be tricked into bypassing polkit authorizations.
It was discovered that apt-xapian-index was using polkit in an unsafe
manner. A local attacker could possibly use this issue to bypass intended
polkit authorizations.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Debian
CVE-2013-1064: apt-xapian-index - apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not...
vendor_debian·2013·CVSS 4.6
CVE-2013-1064 [MEDIUM] CVE-2013-1064: apt-xapian-index - apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not...
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Scope: local
bookworm: resolved (fixed in 0.47)
bullseye: resolved (fixed in 0.47)
forky: resolved (fixed in 0.47)
sid: resolved (fixed in 0.47)
GHSA
GHSA-f46w-pmxr-fvq6: apt-xapian-index before 0
ghsa_unreviewed·2022-05-14·CVSS 7.2
CVE-2013-1064 [HIGH] GHSA-f46w-pmxr-fvq6: apt-xapian-index before 0
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
OSV
CVE-2013-1064: apt-xapian-index before 0
osv·2013-10-03·CVSS 4.6
CVE-2013-1064 [MEDIUM] CVE-2013-1064: apt-xapian-index before 0
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/54914http://www.ubuntu.com/usn/USN-1955-1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1http://secunia.com/advisories/54914http://www.ubuntu.com/usn/USN-1955-1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1https://launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1
2013-10-03
Published